Article Script v1.*and v1.6.3 Sql injection
Article Script versions v1.* and v1.6.3 are vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can allow the attacker to access the database and gain access to sensitive information such as usernames and passwords. The vulnerable parameter is the ‘category’ parameter in the ‘rss.php’ file. An example of a malicious query is http://www.victim.com/articles/rss.php?category=-1/**/union/**/select/**/1,2,login,password/**/from/**/users/* which can be used to extract the admin username and password. The dorks used to identify vulnerable websites are “Powered by Article Script”, “:: Article Script - New User Article ::”, “intitle:”:: Article Script -” and “Last Articles::”.
