###########################################################################
#TECHNICAL INFO
#================================================================
#An input validation vulnerability in SimpBook has been reported, which can be exploited
#by remote users to conduct cross-site scripting attacks.
#User-supplied input passed to the "message" field isn't sanitised before being stored in
#the guestbook. This can be exploited to execute arbitrary script code in the security context
#of an affected website, as a result the code will be able to access any of the target user's
#cookies, access data recently submitted by the target user via web form to the site, or take
#actions on the site acting as the target user.
#Successful exploitation requires that "html_enable" is set to "on" in "config.php".
#This is set to"on" in the default installation.
#Solution:
#Set "html_enable" to "off" in " config.php" or edit the source code to ensure that input is properly sanitised.
#VULNERABLE VERSIONS
#================================================================
#SimpBook version 1.0. Other versions may also be affected.
#================================================================
#Contact information
#0o_zeus_o0
#[email protected]
#www.olimpusklan.org
#================================================================
#greetz: lady fire, fraude, xoxo, El_Mesias
##############################################################################