Big Blue Guestbook HTML Injection Vulnerabilities

To: bugtraq@xxxxxxxxxxxxxxxxx
Subject: Big Blue Guestbook HTML Injection Vulnerabilities
From: seko@xxxxxxxxxx
Date: 23 Apr 2007 11:05:23 -0000
List-help: <mailto:bugtraq-help@securityfocus.com>
List-id: <bugtraq.list-id.securityfocus.com>
List-post: <mailto:bugtraq@securityfocus.com>
List-subscribe: <mailto:bugtraq-subscribe@securityfocus.com>
List-unsubscribe: <mailto:bugtraq-unsubscribe@securityfocus.com>
Mailing-list: contact bugtraq-help@xxxxxxxxxxxxxxxxx; run by ezmlm

Hi friends, 


Big Blue Guestbook software is prone to HTML injection attacks. This issue is 
exposed via the message form field in the 

guestbook entry submission form. 

Exploitation could permit remote attackers to persistently inject hostile HTML 
and script code into guestbook content. This 

could allow for theft of cookie-based authentications or other attacks, such as 
those which misrepresent guestbook content. 

vendor : http://www.ben-barnett.com/guestbook.php
download : http://www.ben-barnett.com/BigBlueGuestbook.zip

Thnx: www.starhack.org // CaRaMeL

Prev by Date: WASC-Articles: 'The business case for security frameworks'
Next by Date: 3proxy 0.5.3i bugfix release
Previous by thread: WASC-Articles: 'The business case for security frameworks'
Next by thread: 3proxy 0.5.3i bugfix release
Index(es):
- Date
- Thread