Someone must have taken the pass out of the guestbook, because I spent a long time searching it with no luck. Then I had an idea maybe someone just posted the pass to be a *dick in there. This mission can't be that easy, and why would a kids guestbook have administration pass.
So then I started from scratch again, what's with this website. AH! A huge exploit is sitting right in-front of me! I don't use windows ( billy boy isn't stepping a foot in my home ) so I'm not very good with windows commands. Had to really think about the clues given by the mission. Although the exploit is there, doesn't mean you will see it right away. To be honest sometimes the easiest of exploits sitting right in front of you are very well hidden by your imagination.
For some it will be easy, but then with others like myself you will beat your head on a desk.
You will need to understand how a url works in this instance and how to make it work for what you want. Look at the pages source in firebug and see how the guestbook is being served.
I don't want to give to much away, you will learn something new from this and always new things are great to have under your belt.