Trabajando.com suffers from cross site scripting vulnerabilities.
0bf6a1c70ad76a93715d033dde94d2565b303faa5ead96b6ea0e39bb40fceb1c
+==========================================================================+
+ Powered by Trabajando.com & XSS Vulnerabilities +
+==========================================================================+
Author(s): Ivan Sanchez
Product: ©Copyright 1999-2008. Powered by Trabajando.com
Web: http://www.trabajando.com
Versions: All Version
Date: 21/06/2008
The vendor knows these vulnerabilities-
Hundred of sites with domain "cl" are vulnerables (Chile)
GOOGLE DORKS:
------------
inurl:"CFTOKEN=" trabajando.com
intile:"Copyright 1999-2008. Trabajando.com."
inurl:"verofertas.cfm?CFID="
Internal Variables:
-------------------
File:
-----
http://.../../verOfertas.cfm
Input there evil xss and inject remote code.
variable= palabra (Post)
variable= palabras (exploit to querystring)
Input there evil xss and inject remote code.
File:
-----
http://.../../avanzados.cfm
variable= palabrasa (exploit to querystring)
NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!
+==========================================================================+
+ Powered by Trabajando.com & XSS Vulnerabilities +
+==========================================================================+