Advisory: GaesteChaos <= 0.2 Multiple Vulnerabilities

Release Date:  2006/08/04
Last Modified: 2006/08/03
Author:        Tamriel [tamriel at gmx dot net]
Application:   GaesteChaos <= 0.2
Risk:          Moderate
Vendor Status: not contacted
Vendor Site:   www.chaossoft.de

Overview:

Quote from www.chaossoft.de: "GaesteChaos is a guestbook for your homepage. It is small and compact, written in PHP, and uses mySQL to store the data."

Details:

1) eintragen.php contains several possible cross-site scripting vulnerabilities. These can be used to insert malicious code that is executed on the client's machine. The input fields "gastname" and "gastwohnort" are not checked by this script.

2) SQL injection vulnerabilities in eintragen.php (around lines 35-45):

    ...
    // every value below is interpolated into the query string
    // straight from the request, with no escaping or binding
    mysql_db_query($database, "INSERT INTO $tabellekommentar SET
        eintragid = '$komwelches', name = '$gastname', email = '$gastemail',
        wohnort = '$gastwohnort', datum = '$timestamp', ip = '$tempip',
        host = '$hosti', homepage = '$gasthomepage', eintrag = '$gasteintrag',
        geschlecht = '$geschlechti'");
    ...

Solution:

Take a look at PHP's htmlentities and mysql_real_escape_string functions.
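As an added illustration (not code from the advisory or from GaesteChaos), the same INSERT written the way a maintainer would fix both findings: every guestbook value is bound as a parameter instead of being interpolated, and fields are escaped when rendered. It uses the mysqli prepared-statement API rather than mysql_real_escape_string from the solution above, because the old mysql extension was removed in PHP 7; the connection $db, the input array $in, the helper names and the sample values are assumptions.

```php
<?php
// Added example, not GaesteChaos code. Assumes a mysqli connection $db and
// the table name $tabellekommentar from the advisory; columns follow the
// vulnerable query in eintragen.php.

function insert_comment(mysqli $db, string $tabellekommentar, array $in): bool
{
    // A table name cannot be bound as a parameter, so refuse anything that is
    // not a plain identifier instead of splicing it into the SQL unchecked.
    if (!preg_match('/^[A-Za-z0-9_]+$/', $tabellekommentar)) {
        throw new InvalidArgumentException('unexpected table name');
    }
    // Same statement as the advisory, with each user value replaced by a
    // placeholder. SQL text and data travel separately to the server, so a
    // quote inside "gastname" can no longer terminate the string literal.
    $sql = "INSERT INTO `$tabellekommentar` SET eintragid = ?, name = ?, email = ?,"
         . " wohnort = ?, datum = ?, ip = ?, host = ?, homepage = ?, eintrag = ?,"
         . " geschlecht = ?";
    $stmt = $db->prepare($sql);
    $stmt->bind_param('ssssssssss',
        $in['komwelches'], $in['gastname'], $in['gastemail'], $in['gastwohnort'],
        $in['timestamp'], $in['tempip'], $in['hosti'], $in['gasthomepage'],
        $in['gasteintrag'], $in['geschlechti']);
    return $stmt->execute();
}

// Output side of the XSS finding: escape at render time so a stored
// "<script>" is displayed as text. htmlentities(), named in the advisory,
// would also do; htmlspecialchars() is enough for HTML context.
function render_field(string $value): string
{
    return htmlspecialchars($value, ENT_QUOTES | ENT_HTML5, 'UTF-8');
}

// Constructed sample standing in for the POST fields eintragen.php reads;
// the name carries both a quote and a tag to exercise both fixes.
$sample = [
    'komwelches'   => '12',
    'gastname'     => "O'Brien <script>alert(1)</script>",
    'gastemail'    => 'guest@example.invalid',
    'gastwohnort'  => 'Berlin',
    'timestamp'    => (string) time(),
    'tempip'       => '192.0.2.10',
    'hosti'        => 'host.example.invalid',
    'gasthomepage' => 'https://example.invalid',
    'gasteintrag'  => 'Hello guestbook',
    'geschlechti'  => 'm',
];
echo render_field($sample['gastname']), "\n";   // tag and quote come out encoded
// insert_comment($db, 'kommentare', $sample);   // $db is assumed to exist
```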