Date: 14.04.2003 Subject: FipsGuestbook Version 1.12.7 script injection. Description: Written entirely in ASP and VBScript, easy to install ASP guestbook manager with web based administration panel. Vendor: FipsASP http://www.fips.at.tf Vulnerability: new_entry.asp neglects filtering user input allowing for script injection to the guestbook via "Name" field. The injected script will be executed in anyones browser who visits the guestbook. Black Tigerz Research Group We are:Areus,Barracuda,n1Tr0f4n,Velzevol,n3ch,drG4njubas. Please visit our website: http://www.blacktigerz.org
