<<< Date Index >>>     <<< Thread Index >>>

Big Blue Guestbook HTML Injection Vulnerabilities



Hi friends, 


Big Blue Guestbook software is prone to HTML injection attacks. This issue is 
exposed via the message form field in the 

guestbook entry submission form. 

Exploitation could permit remote attackers to persistently inject hostile HTML 
and script code into guestbook content. This 

could allow for theft of cookie-based authentications or other attacks, such as 
those which misrepresent guestbook content. 

vendor : http://www.ben-barnett.com/guestbook.php
download : http://www.ben-barnett.com/BigBlueGuestbook.zip

Thnx: www.starhack.org // CaRaMeL