source: http://www.securityfocus.com/bid/5676/info phpGB is subject to HTML injection attacks. phpGB fails to check for the presence of HTML tags when generating guestbook entries. It is reported that an attacker may inject HTML and script code into guestbook entries, which will be executed in the web client of the administrative guestbook user when the admin attempts to delete the entry. Enter the following guestbookentry: "delete me <script>alert(document.cookie)</script>"
Related ExploitsTrying to match CVEs (1): CVE-2002-1480
Trying to match OSVDBs (1): 9215
Other Possible E-DB Search Terms: phpGB 1.1, phpGB
|2002-09-09||PHPGB 1.1/1.2 - PHP Code Injection||ppp-design|
|2002-09-09||phpGB 1.x - SQL Injection||ppp-design|