TUCoPS :: Web :: Guestbooks :: b06-3194.htm

cjGuestbook v1.3 - XSS
cjGuestbook v1.3 - XSS
cjGuestbook v1.3 - XSS



cjGuestbook v1.3=0D
=0D
Homepage:=0D
http://cmj-php.opanelhosting.com=0D 
=0D
Affected files:=0D
=0D
* posting in the guestbook=0D
=0D
XSS vuln with cookie disclosure:=0D
=0D
cjGuestbook uses bbcode, and since theres a vulnerability in early editions of bbcode we can achieve our XSS example.=0D
=0D
For a PoC put in as your comment:=0D
[img]javascript:alert(document.cookie)[/img]=0D
=0D
Screenshots:=0D
http://www.youfucktard.com/xsp/cjgb1.jpg=0D 
http://www.youfucktard.com/xsp/cjgb2.jpg 

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH