Simpbook suffers from an HTML injection vulnerability in the guestbook HTML area. #
681b3414ac3067c1597530450adb7f44d2f5d742655d0d8b216bd889d04b062c
------=_Part_16313_1254748.1135355350143
Content-Type: text/plain; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
###########################################################################
# Advisory #1 Title: HTML Injection Vulnerability in Simpbook( all vercion)
#
#
# Author: 0o_zeus_o0
# Contact: zeus@diosdelared.com
# Website: olimpusklan.org
# Date: 23/12/2005
# Risk: High
# Vendor Url: http://www.codegrrl.com
# Affected Software: Simpbook
# Non Affected:
#
# We Are:olimpus klan team
#
#=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
#TECHNICAL INFO:
#
#when being in the guest book HTML in the area of messages can be injected
#with the next script
#
#Example:
#
#<h1>hi
#
#<script>alert('you hacked')</script>
#
#or some inframe
#
#
#
#
#=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
#
#VULNERABLE VERSIONS: all
#
#=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
Contact information
#0o_zeus_o0
#zeus@diosdelared.com
#www.olimpusklan.org
#=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
#greetz: lady fire, fraude, adi, xoxo , pandora, mbyte
###########################################################################=
###
------=_Part_16313_1254748.1135355350143
Content-Type: text/html; charset=ISO-8859-1
Content-Transfer-Encoding: quoted-printable
Content-Disposition: inline
###########################################################################=
<br># Advisory #1 Title: HTML Injection Vulnerability in Simpbook( all verc=
ion)<br># <br># <br># Author: 0o_zeus_o0<br># Contact: <a href=3D"mailto:ze=
us@diosdelared.com">
zeus@diosdelared.com</a><br># Website: <a href=3D"http://olimpusklan.org">o=
limpusklan.org</a><br># Date: 23/12/2005<br># Risk: High <br># Vendor Url: =
<a href=3D"http://www.codegrrl.com">http://www.codegrrl.com</a><br># Affect=
ed Software: Simpbook
<br># Non Affected: <br># <br># We Are:olimpus klan team <br>#<br>#=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D<br>#TECHNICAL INFO:<br>#<br>#when bein=
g in the guest book HTML in the area of messages can be injected=20
<br>#with the next script<br>#<br>#Example:<br>#<br>#<h1>hi<br>#<br>#=
<script>alert('you hacked')</script><br>#<br>#or some inframe<b=
r>#<br>#<br>#<br>#<br>#=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D
<br>#<br>#VULNERABLE VERSIONS: all<br>#<br>#=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D<br>Contact information<br>#0o_zeus_o0<br>#zeus@<a href=
=3D"http://diosdelared.com">diosdelared.com</a><br>#www.olimpusklan.org
<br>#=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=
=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D=3D<br>#greetz: lady fire, fra=
ude, adi, xoxo , pandora, mbyte <br>#######################################=
#######################################
------=_Part_16313_1254748.1135355350143--