Hi friends, Big Blue Guestbook software is prone to HTML injection attacks. This issue is exposed via the message form field in the guestbook entry submission form. Exploitation could permit remote attackers to persistently inject hostile HTML and script code into guestbook content. This could allow for theft of cookie-based authentications or other attacks, such as those which misrepresent guestbook content. vendor : http://www.ben-barnett.com/guestbook.php download : http://www.ben-barnett.com/BigBlueGuestbook.zip Thnx: www.starhack.org // CaRaMeL
