NCT Jobs Portal Script ncrypted XSS and Authentication bypass

2010.05.01
Credit: Sid3^effects
Risk: Medium
Local: No
Remote: Yes
CWE: CWE-89
CWE-79

# Exploit Title: XSS and Authentication bypass in NCT Jobs Portal Script # Date: 24-apr-2010 # Author: Sid3^effects # Software Link: N/a # CVE : [] # Code : [] ______________________________________________________________________________ XSS and Authentication bypass in NCT Jobs Portal Script Vendor:http://www.ncrypted.net/ ___________________________Author:Sid3^effects_________________________________ Description : NCT Jobs Portal script is a web product for running powerful and customized job portals. Be it a fresh site that you want to launch or be it for integration into your already existing website, NCT Jobs Portal is everything you need when it comes to job portal or business networking solution. Jobs Portal comes with a front-end and a back-end (Admin Panel). Admin Panel has a wide range of functions along with a CMS (Content Management System) which will easily enpower you to customize and manage your very own Jobs Portal. script cost :$99 --------------------------------------------------------------------------- * Authentication bypass: The following script has authentication bypass in the admin login use ' or 1=1 or ''=' in both login and password. DEMO :http://clients.ncrypted.net/NCTJobs/admin/login.php --------------------------------------------------------------------------- * XSS (cross site scripting ) : XSS is also found in the search field. Parameter Name: Keywords or Tags or Desired City Parameter Type: Querystring Attack Pattern: '"--><script>alert(0x000872)</script> DEMO:http://clients.ncrypted.net/NCTJobs/ --------------------------------------------------------------------------- ShoutZ : ------- ---Indian Cyber warriors--Andhra hackers-- Greetz : -------- ---*L0rd rusAd&#234;r*---d4rk-blu&#65533;reg; [ICW]---R45C4L idi0th4ck3r---CR4C|< 008---M4n0j--

References:

http://xforce.iss.net/xforce/xfdb/58081
http://www.exploit-db.com/exploits/12370
http://packetstormsecurity.org/1004-exploits/nctjobsportal-sqlxss.txt


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2024, cxsecurity.com

 

Back to Top