Big Blue Guestbook HTML Injection Vulnerabilities

[seko () se-ko info]

Hi friends, 


Big Blue Guestbook software is prone to HTML injection attacks. This issue is exposed via the message form field in the 

guestbook entry submission form. 

Exploitation could permit remote attackers to persistently inject hostile HTML and script code into guestbook content. 
This 

could allow for theft of cookie-based authentications or other attacks, such as those which misrepresent guestbook 
content. 

vendor : http://www.ben-barnett.com/guestbook.php
download : http://www.ben-barnett.com/BigBlueGuestbook.zip

Thnx: www.starhack.org // CaRaMeL