--Alt-Boundary-29920.9701600
Content-type: text/plain; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory
Title: SiteEnable CMS Multiple Severe XSS and Sql injections
Risk: High
Date: 1/04/2005
Vendor: http://www.siteenable.com/default.asp
Quote from the Vendor: "SiteEnable starts at only $189.00"
I could test siteenable from their online demo: demo.siteenable.com
and after some minute I realized I was on another buggy cms.
---+ XSS:
http://demo.siteenable.com/content.asp?contenttype=%3Cscript%3Ealert(document.coo
kie)%3C/script%3E
Another more severe script injection is in the Submit a Quote page in which neither title
or description fields are sanitized. This can affect all the visitors of the site.
Anyone can inject a silent script and grab anyone's password or cookie.
----+ SQL Injection:
http://demo.siteenable.com/content.asp?do_search=0&keywords=contact&page_no=2&
sortby=;SELECT%20* FROM bla bla--
The sortby parameter is directly passed to the sql string without any check. This is sentor
of mental illness...
Once again I've not thoroughly tested SiteEnable for a time matter and because they do
not provide source code (it is sold at 189$). Probably other vulns can be found.
Author:
Zinho is webmaster and founder of http://www.hackerscenter.com , Security research
portal
Secure Web Hosting Companies Reviewed:
http://www.securityforge.com/web-hosting/secure-web-hosting.asp
zinho-no-spam @ hackerscenter.com
====>
Webmaster of
.:[ Hackers Center : Internet Security Portal]:.
http://www.hackerscenter.com
http://www.securityforge.com/web-hosting
--Alt-Boundary-29920.9701600
Content-type: text/html; charset=US-ASCII
Content-transfer-encoding: 7BIT
Content-description: Mail message body
Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory
Title: SiteEnable CMS Multiple Severe XSS and Sql injections
Risk: High
Date: 1/04/2005
Vendor: http://www.siteenable.com/default.asp
Quote from the Vendor: "SiteEnable starts at only $189.00"
I could test siteenable from their online demo: demo.siteenable.com
and after some minute I realized I was on another buggy cms.
---+ XSS:
http://demo.siteenable.com/content.asp?contenttype=%3Cscript%3Ealert(document.cookie)%3C/script%3E
Another more severe script injection is in the Submit a Quote page in which neither title
or description fields are sanitized. This can affect all the visitors of the site.
Anyone can inject a silent script and grab anyone's password or cookie.
----+ SQL Injection:
http://demo.siteenable.com/content.asp?do_search=0&keywords=contact&page_no=2&sortby=;SELECT%20*
FROM bla bla--
The sortby parameter is directly passed to the sql string without any check. This is sentor
of mental illness...
Once again I've not thoroughly tested SiteEnable for a time matter and because they do
not provide source code (it is sold at 189$). Probably other vulns can be found.
Author:
Zinho is webmaster and founder of http://www.hackerscenter.com , Security research
portal
Secure Web Hosting Companies Reviewed:
http://www.securityforge.com/web-hosting/secure-web-hosting.asp
zinho-no-spam @ hackerscenter.com
====>
Webmaster of
.:[ Hackers Center : Internet Security Portal]:.
http://www.hackerscenter.com
http://www.securityforge.com/web-hosting
--Alt-Boundary-29920.9701600--