Hackers Center Security Group (http://www.hackerscenter.com/)     
Zinho's Security Advisory      


Title: SiteEnable CMS Multiple Severe XSS and Sql injections 
Risk: High   
Date: 1/04/2005     
Vendor: http://www.siteenable.com/default.asp 
Quote from the Vendor: "SiteEnable starts at only $189.00" 


I could test siteenable from their online demo: demo.siteenable.com 
and after some minute I realized I was on another buggy cms. 

---+ XSS: 
http://demo.siteenable.com/content.asp?contenttype=%3Cscript%3Ealert(document.coo kie)%3C/script%3E 

Another more severe script injection is in the Submit a Quote page in which neither title  or description fields are sanitized. This can affect all the visitors of the site. 
Anyone can inject a silent script and grab anyone's password or cookie. 

----+ SQL Injection: 
http://demo.siteenable.com/content.asp?do_search=0&keywords=contact&page_no=2& sortby=;SELECT%20* FROM bla bla-- 

The sortby parameter is directly passed to the sql string without any check. This is sentor  of mental illness... 


Once again I've not thoroughly tested SiteEnable for a time matter and because they do  not provide source code (it is sold at 189$). Probably other vulns can be found. 


Author:      
Zinho is webmaster and founder of http://www.hackerscenter.com ,   Security research   portal    
Secure Web Hosting Companies Reviewed:   
http://www.securityforge.com/web-hosting/secure-web-hosting.asp   

zinho-no-spam @ hackerscenter.com