Source: A^C^E
Summary
SiteEnable is "a simple content management, combined with powerful functionality". Two types of security vulnerabilities have been found in SiteEnable: one allows injecting arbitrary HTML and/or JavaScript, while the other allows injecting arbitrary SQL statements.
Credit:
The information has been provided by Zinho.
Details
Cross Site Scripting:
Due to poor filtering of the 'contenttype' variable, a remote user can inject arbitrary HTML and/or JavaScript into the content returned to the user:
http://site/content.asp?contenttype=%3Cscript%3Ealert(document.cookie)%3C/script%3E
Another, more severe script injection is in the Submit a Quote page, in which neither the title nor the description field is filtered. This can affect all visitors of the site: anyone can inject a silent script and grab any visitor's password or cookie.
SQL Injection:
The 'sortby' parameter is directly passed to the SQL string without any checks. The following URL can be used to determine whether you are vulnerable or not:
http://site/content.asp?do_searc ... p;sortby=;SELECT%20* FROM bla bla--
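
The two fixes these findings call for, as an added example that is not SiteEnable's code: an allow-list for 'sortby' (an ORDER BY target cannot be bound as a query parameter) and output encoding for 'contenttype'. It is written in Python with an in-memory SQLite database standing in for the application's ASP data layer; the table, column and function names are assumptions.

```python
import html
import sqlite3

def make_db():
    # Constructed sample data; this schema is an assumption, not SiteEnable's.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE content (id INTEGER PRIMARY KEY, title TEXT, posted TEXT)")
    db.executemany("INSERT INTO content (title, posted) VALUES (?, ?)",
                   [("beta", "2004-02-01"), ("alpha", "2004-03-01")])
    return db

def vulnerable_sql(sortby):
    # The pattern the advisory describes: the request value is concatenated
    # into the SQL string unchecked, so it can change the statement itself.
    return "SELECT title FROM content ORDER BY " + sortby

# Request values that are accepted, mapped to the real column names.
SORT_COLUMNS = {"title": "title", "date": "posted"}

def safe_order_by(sortby):
    # Anything outside the allow-list falls back to a fixed default column.
    return SORT_COLUMNS.get((sortby or "").strip().lower(), "id")

def search(db, keyword, sortby):
    # The keyword is bound as a parameter; only an allow-listed column name
    # is ever concatenated into the statement.
    sql = "SELECT title FROM content WHERE title LIKE ? ORDER BY " + safe_order_by(sortby)
    return [row[0] for row in db.execute(sql, ("%" + keyword + "%",))]

def render_contenttype(contenttype):
    # Encode on output so markup in the parameter is shown as text, not run.
    return "<h1>" + html.escape(contenttype, quote=True) + "</h1>"

if __name__ == "__main__":
    probe = ";SELECT * FROM bla bla--"  # value taken from the advisory's test URL
    print(vulnerable_sql(probe))
    print(search(make_db(), "a", probe))
    print(render_contenttype("<script>alert(document.cookie)</script>"))
```

The same encoding has to be applied wherever the Submit a Quote title and description are written back into a page, since those values are shown to other visitors.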