Wednesday, January 23, 2008

Basic Guest Book Hacking


So you have found a guest book which allows HTML injection. What now? What can you do?

You can do a lot of interesting stuff with HTML injection (which is actually called XSS).

Like what...
So we know that we can enter HTML into the page. If the owner hasn't stopped you putting HTML into the page, chances are they won't have stopped you putting PHP into the page (this will only work if the website is on a host which has PHP installed for its users; most hosts allow PHP pages, I believe).

But what if you can't inject PHP into the guest book?
OK, so you can't inject PHP directly into the guest book. Unlucky.
But it's not the end of the world. Let's think through HTML and what we might be able to use here: what allows us to put things into a web page without having the processing done on that website...
IFRAME, FRAME, EMBED, APPLET
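
Seen from the guest book owner's side, the four tags above only work because visitor text is written into the page as markup. The following is an added example, not code from the original post: it renders the same entries once unencoded and once HTML-encoded, and flags stored entries that contain any of those tags. The entries, the example.invalid URLs and all function names are constructed for illustration.

```php
<?php
// Constructed sample entries (assumption: name/message fields), not from any real site.
$entries = [
    ['name' => 'alice', 'message' => 'Nice site!'],
    ['name' => 'bob',   'message' => '<b>hello</b> <iframe src="http://example.invalid/page.php"></iframe>'],
    ['name' => 'carol', 'message' => '<EMBED src="http://example.invalid/a.swf">'],
];

// Vulnerable rendering: the visitor's text goes into the page as markup,
// so any tag in the message is interpreted by the browser.
function render_vulnerable(array $e): string
{
    return "<p><strong>{$e['name']}</strong>: {$e['message']}</p>";
}

// Output encoding helper (hypothetical name): turns <, >, &, " and ' into entities.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Hardened rendering: every visitor-supplied field is encoded on output,
// so <iframe>, <frame>, <embed> and <applet> reach the browser as plain text.
function render_hardened(array $e): string
{
    return '<p><strong>' . h($e['name']) . '</strong>: ' . h($e['message']) . '</p>';
}

// Audit helper for entries already stored: list which of the
// external-content tags named in the post appear in a message.
function external_content_tags(string $message): array
{
    preg_match_all('/<\s*(iframe|frame|embed|applet)\b/i', $message, $m);
    return array_values(array_unique(array_map('strtolower', $m[1])));
}

foreach ($entries as $e) {
    $tags = external_content_tags($e['message']);
    echo "entry by {$e['name']}: ", $tags ? 'flag (' . implode(', ', $tags) . ')' : 'clean', "\n";
    echo '  vulnerable: ', render_vulnerable($e), "\n";
    echo '  hardened:   ', render_hardened($e), "\n";
}
```

Encoding on output is the fix; the tag scan is only for finding entries that were stored before the fix went in.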

FRAME, IFRAME
Say you want to get a PHP page onto a website which only accepts HTML, so let's give it some HTML.