COMMAND

    Orplex guestbook script injection

SYSTEMS AFFECTED

    current version

PROBLEM

    Black Tigerz Research Group [http://www.blacktigerz.org] found the
    following about Orplex, a free ASP guestbook [http://www.orplex.com].
    Its main features are:

    - inserting smiles as icons
    - web-based administration
    - bad word filtering

    addentry.asp does not filter user input, which allows script
    injection into the guestbook via the "Name" and "Message" fields.
    The injected script is executed in the browser of anyone who visits
    the guestbook.

SOLUTION

    Unknown
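
The general mitigation for this class of bug is to bound input when an entry is saved and HTML-encode it when it is displayed; the sketch below is an added example in classic ASP, not Orplex's code and not a vendor fix. The form field names, length limits, function names and markup are assumptions, and storage is left out.

```asp
<% Option Explicit %>
<%
' Added example (hypothetical handler, not the Orplex source).
Const FIELD_NAME    = "Name"     ' assumed form field name
Const FIELD_MESSAGE = "Message"  ' assumed form field name
Const MAX_NAME      = 50         ' assumed length limit
Const MAX_MESSAGE   = 2000       ' assumed length limit

' Input side: coerce to a string, trim it and cap its length.
' The text is stored raw; encoding happens where it is written out.
Function CleanField(raw, maxLen)
    Dim s
    s = Trim(CStr(raw & ""))
    If Len(s) > maxLen Then s = Left(s, maxLen)
    CleanField = s
End Function

' Output side: Server.HTMLEncode turns < > & " into entities, so a
' stored value is rendered as text instead of being parsed as markup.
' Line breaks are converted only after encoding, so the <br> tags are
' the only markup this function ever emits.
Function RenderText(stored)
    Dim s
    s = Server.HTMLEncode(stored & "")
    s = Replace(s, vbCrLf, "<br>")
    RenderText = Replace(s, vbLf, "<br>")
End Function

Dim entryName, entryMessage
entryName    = CleanField(Request.Form(FIELD_NAME), MAX_NAME)
entryMessage = CleanField(Request.Form(FIELD_MESSAGE), MAX_MESSAGE)

' ... persist entryName and entryMessage here (storage not shown) ...

' Pattern the advisory describes (field written back unencoded):
'   Response.Write entryMessage
' Hardened form: every user-supplied value goes through RenderText.
%>
<div class="entry">
  <b><%= RenderText(entryName) %></b>
  <p><%= RenderText(entryMessage) %></p>
</div>
```

Encoding has to be applied on every page that prints stored entries, including the web-based administration view, since entries saved before the change are still in the data store unencoded.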