Advanced Guestbook 2.2 and 2.3.1 and possibly other versions remote XSS vulnerabilities

By: Handrix
16 December 2005
MorX security research team
www.morx.org

Description:

Advanced Guestbook is a PHP-based guestbook script. index.php and comment.php scripts are vulnerable to XSS attacks. This issue can allow an attacker to bypass content filters and potentially carry out cross-site scripting, HTML injection and other attacks.

Exploit:

http://www.example.com/guestbook/index.php?entry=
http://www.example.com/guestbook/index.php?entry=

Vulnerable versions:

Advanced Guestbook 2.2
Advanced Guestbook 2.3.1

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
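
For defenders reviewing web server logs, the following is an added example (not part of the original advisory and not MorX or Advanced Guestbook code) that flags requests to the two scripts named above whose `entry` parameter is not a plain integer. It assumes combined-format access logs and that legitimate `entry` values are numeric; the function names and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Scripts and parameter named in the advisory.
WATCHED_SCRIPTS = {"index.php", "comment.php"}
PARAM = "entry"

# Request line as it appears in combined log format: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
NUMERIC_RE = re.compile(r"[0-9]+")  # assumption: valid values are integers


def suspicious_entry(log_line):
    """Return the decoded `entry` value if it is non-numeric, else None."""
    match = REQUEST_RE.search(log_line)
    if not match:
        return None
    url = urlsplit(match.group(1))
    # Compare the script's base name so look-alike paths are not matched.
    if url.path.rsplit("/", 1)[-1] not in WATCHED_SCRIPTS:
        return None
    # parse_qs percent-decodes once and drops empty values by default.
    for value in parse_qs(url.query).get(PARAM, []):
        decoded = unquote(value)  # second pass catches double encoding
        if not NUMERIC_RE.fullmatch(decoded):
            return decoded
    return None


def scan(lines):
    """Return (line_number, decoded_value) for every flagged request."""
    hits = []
    for number, line in enumerate(lines, 1):
        value = suspicious_entry(line)
        if value is not None:
            hits.append((number, value))
    return hits


# Constructed sample log lines (documentation addresses, harmless markup).
SAMPLE_LOG = [
    '203.0.113.5 - - [16/Dec/2005:10:00:00 +0000] "GET /guestbook/index.php?entry=10 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [16/Dec/2005:10:00:05 +0000] "GET /guestbook/index.php?entry=%22%3E%3Cb%3Etest HTTP/1.1" 200 5180',
    '203.0.113.9 - - [16/Dec/2005:10:00:09 +0000] "GET /guestbook/comment.php?entry=%253Ci%253E HTTP/1.1" 200 4096',
    '203.0.113.7 - - [16/Dec/2005:10:00:12 +0000] "GET /guestbook/addentry.php?entry=abc HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for number, value in scan(SAMPLE_LOG):
        print(f"line {number}: non-numeric entry value {value!r}")
```

A hit only means the request carried an unexpected value; whether it was reflected unescaped depends on the installed guestbook version.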