Complete Online Job Search System 1.0 - Cross-Site Scripting

By kannthu

High
Vidoc Module
#cve #cve2022 #xss #eris
Description

What is the "Complete Online Job Search System 1.0 - Cross-Site Scripting" module?

The "Complete Online Job Search System 1.0 - Cross-Site Scripting" module is designed to detect a cross-site scripting vulnerability in the Complete Online Job Search System 1.0 software. This vulnerability can allow attackers to inject malicious scripts into web pages viewed by users, potentially leading to unauthorized access, data theft, or other malicious activities. The severity of this vulnerability is classified as high, indicating the potential for significant harm if exploited.

Impact

If successfully exploited, the cross-site scripting vulnerability in the Complete Online Job Search System 1.0 software can have various impacts, including:

- Execution of arbitrary code or scripts on the user's browser
- Theft of sensitive user information, such as login credentials or personal data
- Manipulation of website content, leading to defacement or unauthorized modifications
- Possible escalation of privileges, allowing attackers to gain administrative access

How does the module work?

The "Complete Online Job Search System 1.0 - Cross-Site Scripting" module works by sending a specific HTTP request to the targeted software and analyzing the response for indicators of the vulnerability. The module's request template includes a POST request to the "/index.php?q=result&searchfor=advancesearch" endpoint, with a payload containing a malicious script injection. The module then checks the response body, headers, and status code for specific conditions to determine if the vulnerability is present.

Matching conditions used by the module include:

- Checking if the response body contains the string "Result : <script>alert(document.domain)</script>" and "ERIS"
- Verifying if the response headers include the string "text/html"
- Ensuring that the response status code is 200 (OK)

If all the matching conditions are met, the module reports the presence of the cross-site scripting vulnerability in the Complete Online Job Search System 1.0 software.
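The three matching conditions above, evaluated offline against constructed responses. This is an added example, not Vidoc's module code; the `render_result` markup, the `evaluate` helper and the sample responses are assumptions made for illustration.

```python
import html

# Matcher values as listed in the module description on this page.
BODY_WORDS = ["Result : <script>alert(document.domain)</script>", "ERIS"]
HEADER_WORD = "text/html"
EXPECTED_STATUS = 200
MARKER = "<script>alert(document.domain)</script>"


def evaluate(status, headers, body):
    """Apply the three matchers; 'report' is True only when all of them hold."""
    header_blob = "\n".join(f"{k}: {v}" for k, v in headers.items())
    results = {
        "body_words": all(word in body for word in BODY_WORDS),
        "header_word": HEADER_WORD in header_blob,
        "status": status == EXPECTED_STATUS,
    }
    results["report"] = all(results.values())
    return results


def render_result(term, encode):
    """Constructed stand-in for the results page (assumed markup, not the real app)."""
    shown = html.escape(term) if encode else term
    return f"<html><title>ERIS</title><body>Result : {shown}</body></html>"


HTML = {"Content-Type": "text/html; charset=UTF-8"}
# Constructed sample responses: (status, headers, body).
SAMPLES = {
    "reflected_raw": (200, HTML, render_result(MARKER, encode=False)),
    "reflected_encoded": (200, HTML, render_result(MARKER, encode=True)),
    "json_echo": (200, {"Content-Type": "application/json"},
                  '{"app": "ERIS", "msg": "Result : ' + MARKER + '"}'),
    "server_error": (500, HTML, render_result(MARKER, encode=False)),
}

if __name__ == "__main__":
    for name, (status, headers, body) in SAMPLES.items():
        print(f"{name:18} {evaluate(status, headers, body)}")
```

Only `reflected_raw` is reported. Output-encoding the reflected value (the `reflected_encoded` case) makes the body matcher fail, and the header and status matchers filter out responses a browser would not render as a normal HTML page.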

Module preview

Concurrent Requests (1)
1. HTTP Request template
Raw request
Matching conditions
word: Result : <script>alert(document.domain)<... and
word: text/html and
status: 200
Passive global matcher
No matching conditions.
On match action
Report vulnerability