packetstorm | Zinho | PACKETSTORM:36940
History: Apr 14, 2005 - 12:00 a.m.

SiteEnableXSSnSQL.txt

packetstormsecurity.com
`
  
Hackers Center Security Group (http://www.hackerscenter.com/)   
Zinho's Security Advisory   
  
  
Title: SiteEnable CMS Multiple Severe XSS and SQL injections  
Risk: High   
Date: 1/04/2005   
Vendor: http://www.siteenable.com/default.asp  
Quote from the Vendor: "SiteEnable starts at only $189.00"  
  
  
I could test SiteEnable from their online demo, demo.siteenable.com,  
and after a few minutes I realized I was on another buggy CMS.  
  
---+ XSS:  
http://demo.siteenable.com/content.asp?contenttype=%3Cscript%3Ealert(document.cookie)%3C/script%3E  
  
Another, more severe script injection is in the Submit a Quote page, in which neither the title   
nor the description field is sanitized. This can affect all the visitors of the site.  
Anyone can inject a silent script and grab anyone's password or cookie.  
  
----+ SQL Injection:  
http://demo.siteenable.com/content.asp?do_search=0&keywords=contact&page_no=2&sortby=;SELECT%20* FROM bla bla--  
  
The sortby parameter is passed directly into the SQL string without any check. This is sentor   
of mental illness...  
  
  
Once again, I've not thoroughly tested SiteEnable, for lack of time and because they do   
not provide source code (it is sold at $189). Other vulns can probably be found.  
  
  
Author:   
Zinho is the webmaster and founder of http://www.hackerscenter.com, a security research   
portal   
Secure Web Hosting Companies Reviewed:   
http://www.securityforge.com/web-hosting/secure-web-hosting.asp   
  
zinho-no-spam @ hackerscenter.com   
  
  
`
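
The `sortby` flaw reported above, shown next to a fix, as an added example that is not part of the original advisory or of SiteEnable's code (the product is ASP and its source was not available to the author). Python with sqlite3 stands in for the back end; the table, column names and allowlist keys are assumptions.

```python
import sqlite3

# Hypothetical allowlist: request value -> fixed ORDER BY fragment.
SORT_COLUMNS = {"title": "title ASC", "newest": "created DESC"}
DEFAULT_SORT = "title ASC"


def vulnerable_sql(keywords, sortby):
    """Reported pattern: request values concatenated straight into the statement."""
    return ("SELECT title FROM content WHERE body LIKE '%" + keywords +
            "%' ORDER BY " + sortby)


def safe_search(conn, keywords, sortby):
    """Bind the keyword as data; pick the ORDER BY clause from a fixed allowlist.

    ORDER BY takes identifiers, which placeholders cannot carry, so the request
    value is only ever used as a dictionary key and never reaches the SQL text.
    """
    order = SORT_COLUMNS.get(sortby, DEFAULT_SORT)
    sql = "SELECT title FROM content WHERE body LIKE ? ORDER BY " + order
    return [row[0] for row in conn.execute(sql, ("%" + keywords + "%",))]


def demo_db():
    """Constructed sample data, in memory only."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE content (title TEXT, body TEXT, created TEXT)")
    conn.executemany("INSERT INTO content VALUES (?, ?, ?)", [
        ("Contact us", "contact form", "2005-03-10"),
        ("About", "contact the team", "2005-01-02"),
        ("News", "release notes", "2005-02-01"),
    ])
    return conn


if __name__ == "__main__":
    reported = ";SELECT * FROM bla bla--"   # sortby value quoted in the advisory
    print(vulnerable_sql("contact", reported))       # value lands in the SQL text
    conn = demo_db()
    print(safe_search(conn, "contact", reported))    # unknown key: default order
    print(safe_search(conn, "contact", "newest"))    # known key: mapped clause
```

The same allowlist approach applies in ASP: map the request value to a fixed clause server-side and use parameterized commands for every other field.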