COMMAND

    ISC guestbook script injection vulnerability

SYSTEMS AFFECTED

    current version

PROBLEM

    Black Tigerz Research Group [www.blacktigerz.org] found the following
    about ISC guestbook, a free, easy-to-use ASP-powered guestbook. Main
    features are: web-based administration, bad word filtering
    [http://www.isc-online.at/].

    gb_eintragen.asp neglects to filter user input, allowing script
    injection into the guestbook via the "Ihr Name", "Ihre EMail" and
    "Ihre Homepage" fields. The injected script will be executed in the
    browser of anyone who visits the guestbook.

SOLUTION

    ??
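
One way to close the gap described under PROBLEM, as an added classic ASP (VBScript) example that is not ISC guestbook code: the three fields are length-capped and validated on input and HTML-encoded on output. The form field names `name`, `email` and `homepage`, the length limits and the markup are assumptions, since the advisory gives only the field labels.

```asp
<%
Option Explicit
' Added example, not ISC guestbook code. Field names, limits and markup
' below are assumptions; the advisory lists only the form labels.

' Coerce a form value to a trimmed string capped at maxLen characters.
Function CleanText(value, maxLen)
    CleanText = Left(Trim(value & ""), maxLen)
End Function

' Accept only a plain addr@host.tld shape; anything else is rejected.
Function IsValidEmail(value)
    Dim re
    Set re = New RegExp
    re.Pattern = "^[A-Za-z0-9._+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}$"
    IsValidEmail = re.Test(value)
End Function

' Accept only http/https URLs without whitespace, quotes or angle brackets,
' so a javascript: URL can never end up in the href attribute.
Function IsValidHomepage(value)
    Dim re
    Set re = New RegExp
    re.IgnoreCase = True
    re.Pattern = "^https?://[^\s""'<>]+$"
    IsValidHomepage = re.Test(value)
End Function

Dim gName, gEmail, gHome
gName = CleanText(Request.Form("name"), 60)        ' hypothetical field name
gEmail = CleanText(Request.Form("email"), 120)     ' hypothetical field name
gHome = CleanText(Request.Form("homepage"), 200)   ' hypothetical field name
If Not IsValidEmail(gEmail) Then gEmail = ""
If Not IsValidHomepage(gHome) Then gHome = ""

' Encode at output time. Server.HTMLEncode escapes < > & and ", so every
' attribute value is written inside double quotes.
Response.Write "<p>" & Server.HTMLEncode(gName) & "</p>"
If gEmail <> "" Then
    Response.Write "<a href=""mailto:" & Server.HTMLEncode(gEmail) & """>" & _
                   Server.HTMLEncode(gEmail) & "</a>"
End If
If gHome <> "" Then
    Response.Write "<a href=""" & Server.HTMLEncode(gHome) & """ rel=""nofollow"">" & _
                   Server.HTMLEncode(gHome) & "</a>"
End If
%>
```

Entries that were stored before any filtering existed are covered as well, provided the page that lists the guestbook applies the same `Server.HTMLEncode` calls when it writes them out.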