|
cjGuestbook v1.3=0D
=0D
Homepage:=0D
http://cmj-php.opanelhosting.com=0D
=0D
Affected files:=0D
=0D
* posting in the guestbook=0D
=0D
XSS vuln with cookie disclosure:=0D
=0D
cjGuestbook uses bbcode, and since theres a vulnerability in early editions of bbcode we can achieve our XSS example.=0D
=0D
For a PoC put in as your comment:=0D
[img]javascript:alert(document.cookie)[/img]=0D
=0D
Screenshots:=0D
http://www.youfucktard.com/xsp/cjgb1.jpg=0D
http://www.youfucktard.com/xsp/cjgb2.jpg