• info
• discussion
• exploit
• solution
• references

Guestserver HTML Injection Vulnerability

No exploit is required.

The following proof of concept was provided by the discoverer of this vulnerability. They conjecture that supplying the following code excerpt to the message field would cause erroneous data to be displayed on the main page:
<iframe src="http://www.example.com" width="800px" height="600px" scrolling="no"></iframe>