From: "Lipako GmbH, Wismar" <lipakowismar(at)t-online.de>
To: moderators(at)osvdb.org
Date: Wed, 15 Mar 2006 11:47:15 +0100
Subject: [OSVDB Mods] [OSVDB] New Vulnerability

hi there,

there is an german open source guestbook called "PHP-Gästebuch" which is
vulnerable to xss attacks.
search with google for "Powered by PHP-Gästebuch v1.61"

Product : PHP-Gästebuch 1.61

the guestbook use guestbook_newentry.php to add a new entry.
in the comment (in german "Kommentar") - field you have only to write

</textarea><script>alert(foo)</script>

left the name-field emtpy, the form will be reload and the script execute


Greetz from germany