Sakki's guestbook V.1.01 script injection vulnerability.

["drG4njubas" <drG4nj () mail ru>]

This advisory can be found at www.blacktigerz.org.

Description:
Easy to manage and configure asp powered guestbook.
Works with MS Access database or without it.

Vendor:
http://www.sakki.net

Vulnerability:
gb.asp neglects filtering user input allowing for script injection to
the guestbook via 
"name" , "city/state" and "own url" fields. The injected script will be
executed in anyones 
browser who visits the guestbook.
____________________________
Best Regards,   drG4njubas
Black Tigerz Research Group
http://www.blacktigerz.org