XSS on Freshersworld.com

Website/Vendor: Freshersworld.com
Vendor notified at: 31/12/2008
URL: http://freshersworld.com/jobs/catjobs.asp?cat=Software

Description: The XSS is very simple, which makes it very easy to exploit.
If a query like http://freshersworld.com/jobs/catjobs.asp?cat=>'><ScRiPt%20%0a%0d>alert('Testing')%3B</ScRiPt> is supplied, the script is executed on the page.

Now exploiting it is play for any 'Hacker's Child'! ;)

It has been listed on www.xssed.com.
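
An added example (not code from this post or from the site): a Python sketch showing why the mixed-case tag with embedded whitespace in the URL above passes a literal-string filter, while output encoding neutralizes it. The page template and the blacklist filter are assumptions, since the real catjobs.asp source is not shown here.

```python
import html
import re
from urllib.parse import parse_qs, urlsplit

# The URL quoted in the description above.
REPORTED_URL = ("http://freshersworld.com/jobs/catjobs.asp?cat="
                ">'><ScRiPt%20%0a%0d>alert('Testing')%3B</ScRiPt>")

# Hypothetical template (assumption): cat echoed into a quoted attribute and into text.
TEMPLATE = "<input name='cat' value='{cat}'><h2>Jobs in {cat}</h2>"

# Test helper only, not a sanitizer: spots an opening script tag in rendered markup.
SCRIPT_TAG = re.compile(r"<\s*script\b", re.IGNORECASE)


def get_cat(url):
    """Percent-decode the cat parameter the way the web server would."""
    return parse_qs(urlsplit(url).query, keep_blank_values=True)["cat"][0]


def render_unsafe(cat):
    """Echoes the parameter verbatim, the behaviour the post reports."""
    return TEMPLATE.format(cat=cat)


def render_blacklist(cat):
    """Assumed naive filter: removes only the literal lowercase tag strings."""
    cleaned = cat.replace("<script>", "").replace("</script>", "")
    return TEMPLATE.format(cat=cleaned)


def render_encoded(cat):
    """Output-encodes <, >, &, and both quote characters before echoing."""
    return TEMPLATE.format(cat=html.escape(cat, quote=True))


def has_live_script(markup):
    """True if the markup still contains an opening script tag."""
    return bool(SCRIPT_TAG.search(markup))


if __name__ == "__main__":
    cat = get_cat(REPORTED_URL)
    for render in (render_unsafe, render_blacklist, render_encoded):
        print(f"{render.__name__:17} live script tag: {has_live_script(render(cat))}")
```

On the ASP side the equivalent of `html.escape` is `Server.HTMLEncode`, applied at the point where the value is written into the response.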

