cjGuestbook v1.3
Homepage: http://cmj-php.opanelhosting.com Affected files: * posting in the guestbook XSS vuln with cookie disclosure: cjGuestbook uses bbcode, and since theres a vulnerability in early editions of bbcode we can achieve our XSS example. For a PoC put in as your comment: [img]javascript:alert(document.cookie)[/img] Screenshots: http://www.youfucktard.com/xsp/cjgb1.jpg http://www.youfucktard.com/xsp/cjgb2.jpg
