--+ Creating Havok With Guestbooks +-- 
========================================================


Intro:
 I wrote this text because there are too many 
guestbooks out there that are too easy to screw up. 
Anyone can go to someone's guestbook, insert some HTML 
source and totally screw it up. It works because it is 
not just an ordinary .html file, it is a CGI program 
that when a user submits the information, it saves the 
information submited by the user to a file and when the 
web page is reloaded from then on, the information 
submitted by the user is posted on the web page. 

Here's how to know if a guestbook is vulnerable. In the 
text area where you submit your thoughts to the web 
page, put <big><big>blah blah</big></big>. Now reload 
the web page. If it says "blah blah" in big text, then 
the guestbook is vulnerable. With this in mind, any HTML 
tags that exist can be posted on the web page. Keep in 
mind that unless you actually hack the users account 
itself, you cant put files in his network, so you will 
have to use some Geocities or Tripod account to store 
your sound files. If a little mischievous person wanted 
to put sound on the page, he'd put:
<embed src="http://www.hispage.com/somesong.mid" autostart="true">. 
If the owner of the site had a picture of himself, you 
could draw horns on his head and ftp it to your 
Geocities account and submit this to the guestbook: 
<img src="http://www.geocities.com/whatever/soho/7813/bob_is_ugly.jpg">
If you end up being stupid and doing this to some big 
company and want to stall your tracks for a while, you 
can start a table but not finish it, therefore Netscape 
will not load the page. 
Example:

<table>
<tr>
  <td>

...But what about Internet Explorer? No worries ;]
just put frames in it.
Example:

<frameset cols=120,* border=0>
 <frame src="whatever.html" noresize>
 <frame src="whatever.html" noresize>
</frameset>
<noframes>
Your Browser Stinks! Get Netscape.
</noframes>

...That should do it for both browsers. But of course 
it doesn't work on Lynx (the best browser of all).

I did not create this text so you will go around all 
over the internet, I did it so incase you are looking 
to create a guestbook for your site, you'll keep this 
stuff in mind when you make it. 

;]

========================================================

This phile may be destributed freely.

nidgid@thepentagon.com
http://members.tripod.com/~hack_texts/