source: http://www.securityfocus.com/bid/4651/info MyGuestbook is freely available guestbook software. It will run on most Unix and Linux variants, as well as Microsoft Windows operating systems. MyGuestbook does not adequately filter script code from various fields. This may enable an attacker to inject script code which will be executed in the web client of an arbitrary user who views the guestbook. Attackers may potentially exploit this issue to hijack web content or to steal cookie-based authentication credentials. Sign up and post using the "name" <script>alert('evil+java+script+here')</script> or When posting comments just insert the <script>alert('evil+java+script+here')</script> to the comments field.
Related ExploitsTrying to match CVEs (1): CVE-2002-0732
Trying to match OSVDBs (1): 8394
Other Possible E-DB Search Terms: MyGuestbook 1.0, MyGuestbook
|2005-07-05||MyGuestbook 0.6.1 - Form.Inc.php3 Remote File Inclusion||SoulBlack G...|