Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory

Title: SiteEnable CMS Multiple Severe XSS and SQL injections
Risk: High
Date: 1/04/2005
Vendor: http://www.siteenable.com/default.asp

Quote from the Vendor:
"SiteEnable starts at only $189.00"

I could test SiteEnable from their online demo, demo.siteenable.com, and after a few minutes I realized I was on another buggy CMS.

---+ XSS:

http://demo.siteenable.com/content.asp?contenttype=%3Cscript%3Ealert(document.cookie)%3C/script%3E

Another, more severe script injection is in the Submit a Quote page, in which neither the title nor the description field is sanitized. This can affect all the visitors of the site. Anyone can inject a silent script and grab anyone's password or cookie.

----+ SQL Injection:

http://demo.siteenable.com/content.asp?do_search=0&keywords=contact&page_no=2&sortby=;SELECT%20* FROM bla bla--

The sortby parameter is passed directly into the SQL string without any check. This is sentor of mental illness...

Once again, I've not thoroughly tested SiteEnable, for lack of time and because they do not provide source code (it is sold at 189$). Probably other vulns can be found.

Author:
Zinho is webmaster and founder of http://www.hackerscenter.com , Security research portal
Secure Web Hosting Companies Reviewed: http://www.securityforge.com/web-hosting/secure-web-hosting.asp

zinho-no-spam @ hackerscenter.com
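
Added example (not part of the original advisory and not SiteEnable's code, whose source is not available): a Python sketch of the two fixes these findings call for, an allow-list for the sortby value, which cannot be bound as a query parameter, and HTML-encoding of the reflected contenttype value. The table, column names, SORT_COLUMNS map and function names are hypothetical.

```python
import html
import sqlite3

# Hypothetical mapping from accepted sortby values to fixed ORDER BY clauses.
# An ORDER BY target cannot be bound as a parameter, so the SQL fragment is
# picked from a closed set and the request value is only used as a lookup key.
SORT_COLUMNS = {"title": "title ASC", "date": "created DESC"}
DEFAULT_SORT = "title"


def build_search(keywords, sortby, page_no, page_size=10):
    """Return (sql, params); request input never becomes part of the SQL text."""
    order = SORT_COLUMNS.get(sortby, SORT_COLUMNS[DEFAULT_SORT])
    try:
        page = max(int(page_no), 1)
    except (TypeError, ValueError):
        page = 1  # non-numeric page_no falls back to the first page
    sql = ("SELECT id, title FROM content WHERE title LIKE ? "
           f"ORDER BY {order} LIMIT ? OFFSET ?")
    return sql, (f"%{keywords}%", page_size, (page - 1) * page_size)


def render_heading(contenttype):
    """HTML-encode the reflected contenttype value before writing it out."""
    return "<h1>" + html.escape(contenttype, quote=True) + "</h1>"


def demo():
    """Run the search against a constructed in-memory table."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE content "
               "(id INTEGER PRIMARY KEY, title TEXT, created TEXT)")
    db.executemany("INSERT INTO content (title, created) VALUES (?, ?)",
                   [("contact us", "2005-01-02"),
                    ("contact sales", "2005-01-03")])
    # Constructed input modelled on the sortby value quoted in the advisory.
    sql, params = build_search("contact", ";SELECT * FROM bla bla--", "1")
    return sql, db.execute(sql, params).fetchall()


if __name__ == "__main__":
    print(demo())
    print(render_heading("<script>alert(document.cookie)</script>"))
```

The same encoding has to be applied wherever the stored title and description from the Submit a Quote page are displayed, since that output reaches every visitor.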