+==========================================================================+
+          Powered by Trabajando.com & XSS Vulnerabilities                 +
+==========================================================================+

Author(s): Ivan Sanchez
Product:   ©Copyright 1999-2008. Powered by Trabajando.com
Web:       http://www.trabajando.com
Versions:  All versions
Date:      21/06/2008

The vendor is aware of these vulnerabilities.
Hundreds of sites under the "cl" domain (Chile) are vulnerable.

GOOGLE DORKS:
------------
inurl:"CFTOKEN=" trabajando.com
intitle:"Copyright 1999-2008. Trabajando.com."
inurl:"verofertas.cfm?CFID="

Internal Variables:
-------------------

File:
-----
http://.../../verOfertas.cfm

XSS payloads and remote code can be injected through this input.

variable= palabra (POST)
variable= palabras (exploitable via the query string)

XSS payloads and remote code can be injected through this input.

File:
-----
http://.../../avanzados.cfm

variable= palabrasa (exploitable via the query string)

NULL CODE SERVICES [ www.nullcode.com.ar ] Hunting Security Bugs!