Guestbook could allow execution of commands from remote

Risk Level: High

Check or Attack Name: GuestBookCheck

Platforms: Common Gateway Interface (CGI)

Description:

The guestbook CGI program contains a vulnerability that allows a remote attacker to execute arbitrary commands on the web server. The vulnerability is present in Selena Sol's guestbook when it runs on servers with Server Side Includes (SSI) enabled.

Remedy:

Modify the guestbook.setup file, adding the word exec to the comma-delimited @bad_words variable.

—OR—

Modify the guestbook.setup file so that the @allow_html variable is set to no.
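The two remedies above correspond to two different controls: a deny-list on submitted text (the @bad_words approach) and disallowing HTML in entries so that nothing a visitor types reaches the SSI-parsed page unescaped. The following Python is an added illustration of both controls side by side; it is not the guestbook's own code, the guestbook is written in Perl, and the function names, the BAD_WORDS list contents beyond "exec", the case-insensitive matching and the sample entries (including the PLACEHOLDER_COMMAND text) are all constructed for this example.

```python
import html
import re

# Constructed sample guestbook entries; the directive text is a stand-in, not a real command.
SAMPLE_ENTRIES = [
    "Great site, thanks!",
    "Visit my <b>homepage</b> sometime.",
    '<!--#exec cmd="PLACEHOLDER_COMMAND"-->',     # SSI exec directive, as the advisory describes
    "<!--#EXEC cmd='PLACEHOLDER_COMMAND' -->",    # same directive, different case and spacing
    "Our executive team loved it",                # benign text that happens to contain "exec"
]

# Deny-list in the spirit of the @bad_words remedy. The advisory instructs adding "exec";
# any other entries in a real guestbook.setup are unknown here, so the list holds only that.
BAD_WORDS = ["exec"]

# Matches any SSI directive (<!--#name ... -->), not only exec. Assumed regex for this example.
SSI_DIRECTIVE = re.compile(r"<!--\s*#\s*\w+.*?-->", re.DOTALL | re.IGNORECASE)


def contains_bad_word(entry, bad_words=BAD_WORDS):
    """Remedy 1: reject entries containing a deny-listed word.

    Matching is case-insensitive here (an assumption about how such a filter should behave);
    a case-sensitive match would let 'EXEC' through. Note the false positive on 'executive'.
    """
    lowered = entry.lower()
    return any(word.lower() in lowered for word in bad_words)


def contains_ssi_directive(entry):
    """Detection helper: does the text still contain something an SSI parser would act on?"""
    return SSI_DIRECTIVE.search(entry) is not None


def render_entry(entry, allow_html):
    """Remedy 2: with HTML disallowed, escape the entry so '<!--#' can never appear literally
    in the page the server parses for SSI. With HTML allowed, the entry is written as typed."""
    if allow_html:
        return entry
    return html.escape(entry, quote=True)


def accept_entry(entry, allow_html=False, bad_words=BAD_WORDS):
    """Return the text to write into the guestbook page, or None if the entry is rejected.

    The deny-list only matters when HTML is allowed; once entries are escaped there is
    nothing for the SSI parser to execute regardless of which words the entry contains.
    """
    if allow_html and contains_bad_word(entry, bad_words):
        return None
    return render_entry(entry, allow_html)


if __name__ == "__main__":
    for allow_html in (True, False):
        print(f"--- allow_html = {allow_html} ---")
        for entry in SAMPLE_ENTRIES:
            result = accept_entry(entry, allow_html=allow_html)
            status = "REJECTED" if result is None else ("UNSAFE" if contains_ssi_directive(result) else "ok")
            print(f"{status:8} {entry!r} -> {result!r}")
```

Running the script shows the practical difference between the two remedies: the deny-list stops the exec directive but also rejects ordinary prose containing "exec", whereas escaping neutralizes every SSI directive without needing to enumerate keywords, which is why disabling HTML is the more robust of the two options.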

References:

CERT Vendor-Initiated Bulletin VB-97.02, Security Hole in Guestbook Script for Web Servers Using SSI, http://www.cert.org/ftp/cert_bulletins/VB-97.02.sol_guestbook
