TUCoPS :: Web :: Guestbooks :: tb10580.htm

Big Blue Guestbook HTML Injection Vulnerabilities
Big Blue Guestbook HTML Injection Vulnerabilities
Big Blue Guestbook HTML Injection Vulnerabilities


Hi friends, 


Big Blue Guestbook software is prone to HTML injection attacks. This issue is exposed via the message form field in the 

guestbook entry submission form. 

Exploitation could permit remote attackers to persistently inject hostile HTML and script code into guestbook content. This 

could allow for theft of cookie-based authentications or other attacks, such as those which misrepresent guestbook content. 

vendor : http://www.ben-barnett.com/guestbook.php 
download : http://www.ben-barnett.com/BigBlueGuestbook.zip 

Thnx: www.starhack.org // CaRaMeL

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH