Hackers Center Security Group (http://www.hackerscenter.com/)   
Zinho's Security Advisory    


Title: SiteEnable CMS Multiple Severe XSS and SQL injections
Risk: High 
Date: 1/04/2005   
Vendor: http://www.siteenable.com/default.asp
Quote from the Vendor: "SiteEnable starts at only $189.00"


I could test SiteEnable from their online demo: demo.siteenable.com
and after a few minutes I realized I was on another buggy CMS.

---+ XSS:
http://demo.siteenable.com/content.asp?contenttype=%3Cscript%3Ealert(document.cookie)%3C/script%3E

Another, more severe script injection is in the Submit a Quote page, in which neither the title nor the description field is sanitized. This can affect all the visitors of the site.
Anyone can inject a silent script and grab anyone's password or cookie.

----+ SQL Injection:
http://demo.siteenable.com/content.asp?do_search=0&keywords=contact&page_no=2&sortby=;SELECT%20* FROM bla bla--

The sortby parameter is passed directly into the SQL string without any check. This is sentor of mental illness...


Once again I've not thoroughly tested SiteEnable, for lack of time and because they do not provide source code (it is sold at 189$). Probably other vulns can be found.


Author:    
Zinho is webmaster and founder of http://www.hackerscenter.com, Security research portal
Secure Web Hosting Companies Reviewed: 
http://www.securityforge.com/web-hosting/secure-web-hosting.asp 

zinho-no-spam @ hackerscenter.com   


====>
Webmaster of
.:[ Hackers Center : Internet Security Portal]:.
http://www.hackerscenter.com
http://www.securityforge.com/web-hosting
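
An added example, not part of the original advisory and not SiteEnable's code (the vendor's source is unpublished): one way to handle a sort parameter such as sortby, mapping it through an allowlist because an ORDER BY column cannot be a bound parameter. The table, column names and page size are assumptions, and Python with SQLite stands in for the ASP application.

```python
import sqlite3

# Assumed schema and names: the vendor's source is not published.
SORT_COLUMNS = {"title": "title", "date": "created", "author": "author"}
DEFAULT_SORT = "title"
PAGE_SIZE = 10


def build_search_query(keywords, sortby, page_no=1):
    """Return (sql, params); only allowlisted column names reach ORDER BY."""
    # The request value is used only as a lookup key and is never copied
    # into the SQL text; anything unknown falls back to the default column.
    key = (sortby or "").strip().lower()
    column = SORT_COLUMNS.get(key, SORT_COLUMNS[DEFAULT_SORT])
    try:
        page = max(int(page_no), 1)
    except (TypeError, ValueError):
        page = 1
    sql = (
        "SELECT title, author, created FROM content "
        "WHERE title LIKE ? ESCAPE '\\' "
        f"ORDER BY {column} LIMIT ? OFFSET ?"
    )
    # Escape LIKE wildcards so keywords match literally, then bind the value.
    esc = keywords.replace("\\", "\\\\").replace("%", "\\%").replace("_", "\\_")
    return sql, (f"%{esc}%", PAGE_SIZE, (page - 1) * PAGE_SIZE)


def search(conn, keywords, sortby, page_no=1):
    sql, params = build_search_query(keywords, sortby, page_no)
    return conn.execute(sql, params).fetchall()


def demo_db():
    """Constructed sample rows in an in-memory database."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE content (title TEXT, author TEXT, created TEXT)")
    conn.executemany("INSERT INTO content VALUES (?, ?, ?)", [
        ("contact us", "amy", "2005-01-01"),
        ("contact sales", "zed", "2005-01-03"),
        ("about", "bob", "2005-01-02"),
    ])
    return conn


if __name__ == "__main__":
    db = demo_db()
    print(search(db, "contact", "author"))
    # The sortby value from the advisory's URL falls back to the default column.
    print(search(db, "contact", ";SELECT * FROM bla bla--"))
```

The same allowlist approach applies to any value that ends up as an identifier or keyword in a query (column names, sort direction), where parameter binding is not available.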
