ArticleMS 2.0 Cross Site Scripting

2009-12-13T00:00:00
ID PACKETSTORM:83757
Type packetstorm
Reporter Packetdeath
Modified 2009-12-13T00:00:00

Description

                                        
`Target: ArticleMS  
Version: 2.0  
Exploit Type: XSS Vulnerability  
Price: FREE  
Author: Packetdeath  
Homepage: www.ssteam.ws  
Contact: yaii_abc@hotmail.com   
Skype: Packetdeath  
Greetz: bi0 and all my people @ SSTeam  
  
#---------------------------------------------------------------------------------------------------------------#  
A user could exploit this issue to the fullest, stealing cookies and session data...  
  
#---------------------------------------------------------------------------------------------------------------#  
  
Demo: http://demo.articlems.com  
  
Exploit: http://victimsite.net/[PATH]/search/?a=search&q=PACKETDEATH&advanced=1&sortby=0&finddate=0&c[]=[XSS]  
  
#---------------------------------------------------------------------------------------------------------------#  
  
  
  
:( Aw, my mountaindew is GONE!  
  
/Packetdeath`
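
Added example, not part of the original advisory and not ArticleMS code: a web-log check for the search request shown above that flags any `c[]` value whose decoded form carries HTML markup characters. The combined-log-style sample lines, the function names and the three-round decoding limit are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote

# Characters that let a reflected value break out of HTML text or attributes.
MARKUP = re.compile(r"[<>\"'`]")
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
WATCHED = {"c[]"}  # the parameter named in the advisory

def suspicious_params(target, max_decode=3):
    """Return (name, decoded value) pairs on a /search/ request that carry markup."""
    parts = urlsplit(target)
    if not parts.path.rstrip("/").endswith("/search"):
        return []
    hits = []
    for name, value in parse_qsl(parts.query, keep_blank_values=True):
        if name not in WATCHED:
            continue
        # parse_qsl decodes once; keep decoding to catch double-encoded input.
        for _ in range(max_decode):
            decoded = unquote(value)
            if decoded == value:
                break
            value = decoded
        if MARKUP.search(value):
            hits.append((name, value))
    return hits

def scan(log_lines):
    """Return (line number, name, value) for each flagged parameter."""
    found = []
    for n, line in enumerate(log_lines, 1):
        m = REQUEST.search(line)
        if m:
            found.extend((n, name, v) for name, v in suspicious_params(m.group(1)))
    return found

# Constructed sample log lines (not taken from a real server).
BASE = "/search/?a=search&q=news&advanced=1&sortby=0&finddate=0&"
SAMPLE = [
    f'203.0.113.5 - - [13/Dec/2009:10:00:01 +0000] "GET {BASE}c[]=3 HTTP/1.1" 200 5120',
    f'203.0.113.9 - - [13/Dec/2009:10:00:07 +0000] "GET {BASE}c%5B%5D=%22%3E%3Cb%3Ex HTTP/1.1" 200 5300',
    f'203.0.113.9 - - [13/Dec/2009:10:00:09 +0000] "GET {BASE}c[]=%2522%253Eb HTTP/1.1" 200 5290',
    '203.0.113.7 - - [13/Dec/2009:10:00:12 +0000] "GET /articles/?c[]=%3Cb%3E HTTP/1.1" 200 800',
]

if __name__ == "__main__":
    for lineno, name, value in scan(SAMPLE):
        print(f"line {lineno}: {name} = {value!r}")
```

A hit here only shows that markup was sent; whether the page reflected it unencoded still has to be confirmed against the application's output.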