html Guest Gear

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: html Guest Gear
From: pieisgdvgd@xxxxxxxxxxxxx
Date: 27 May 2006 08:43:13 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

htmls guest gear (all pages that look like this 
http://htmlgear.tripod.com/guest/control.guest?a=sign) has an exploit where you 
can inject html and javascript into there guestbook by doing the following 

<br iframe src=javascript:alert("hi")>></br>

you can put any html or javascript in there. you can find vunrable page by 
doing the following google search 

site:http://htmlgear.tripod.com/guest/control.guest?a=sign

Prev by Date: Re: Re: A Nasty Security Bug that affect PGP Virtual Disks & PGP SDA , PGP 8.x & 9.x and Truecrypt.
Next by Date: [SECURITY] [DSA 1079-1] New MySQL 4.0 packages fix several vulnerabilities
Previous by thread: Re: Proof of concept that PGP AUTHENTICATION CAN BE BYPASSED WITHOUT PATCHING
Next by thread: [SECURITY] [DSA 1079-1] New MySQL 4.0 packages fix several vulnerabilities
Index(es):
- Date
- Thread