Article Publisher PRO v2.1.2 SQL Injection Vulnerability
Posted on 07 June 2010
[+] Site : Inj3ct0r.com
I'm Sid3^effects member from Inj3ct0r Team

Name : Article Publisher PRO v2.1.2 SQLi vulnerability
Date : June 7, 2010
Author : sid3^effects <shell_c99[at]yahoo.com>
Vendor url : http://www.articlepublisherpro.com/
Dork : Powered by Article Publisher PRO v2.1.2
Special thanks to : r0073r (inj3ct0r.com),*L0rd ãrusAdÉr*,aa_Numb(MaYur),LiquidWorm,gunslinger_
Greetz to : MR.SoOoFe,Ked@r,dec0d3r,41.w4r10r and all ICW members.

Description:

On the web, content is king... but managing a website with a large amount of content can be challenging, to say the least. If the right foundation is used, the job can be easy. If not, it can become a full-time job... and a huge chore! Who needs that? Creating your site's content can happen in many ways with Article Publisher PRO, a time-proven article management system. You can write articles or post your own news reports, you can allow others to contribute their articles and news items, and you can subscribe to RSS feeds from a wide variety of sources and post clips. Managing articles and comments is easy, too, with the many options provided by our article management script. It really is a comprehensive content management system oriented toward efficient handling of articles and news clippings.

SQL injection vulnerability is found in Article Publisher PRO v2.1.2

Xploit : sqli

demo url: http://article-publisher-pro.phparticlescript.com/send_to_friend.php?art_id=[Sqli]

# Inj3ct0r.com (http://inj3ct0r.com/) [2010-06-07]
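
A detection check for the parameter named above, as an added example that is not part of the original advisory or the vendor's code: it scans web server access logs for requests to send_to_friend.php whose art_id is not a plain integer. It assumes art_id is meant to be a numeric article ID and that the server writes combined-format access logs; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoint and parameter named in the advisory.
TARGET_PATH = "/send_to_friend.php"
PARAM = "art_id"

# Client IP and request URL from a combined-format log line (assumed format).
REQUEST_RE = re.compile(r'^(?P<ip>\S+) .*?"[A-Z]+ (?P<url>\S+) HTTP/[\d.]+"')

# Assumption: art_id is a numeric article ID, so any other value is suspicious.
NUMERIC_ID = re.compile(r"[0-9]{1,10}")


def suspicious_requests(lines):
    """Return (ip, decoded art_id) for requests whose art_id is not an integer."""
    hits = []
    for line in lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parseable request line
        url = urlsplit(m.group("url"))
        if not url.path.endswith(TARGET_PATH):
            continue
        # parse_qs percent-decodes values; keep_blank_values keeps "art_id=".
        # Every occurrence is checked, so a repeated parameter cannot hide one.
        for value in parse_qs(url.query, keep_blank_values=True).get(PARAM, []):
            if not NUMERIC_ID.fullmatch(value):
                hits.append((m.group("ip"), value))
    return hits


# Constructed sample log lines (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [07/Jun/2010:10:00:01 +0000] "GET /send_to_friend.php?art_id=42 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [07/Jun/2010:10:00:05 +0000] "GET /send_to_friend.php?art_id=42%27 HTTP/1.1" 500 310 "-" "Mozilla/5.0"',
    '198.51.100.7 - - [07/Jun/2010:10:00:09 +0000] "GET /send_to_friend.php?art_id=42+or+1%3D1 HTTP/1.1" 200 5120 "-" "Mozilla/5.0"',
    '203.0.113.4 - - [07/Jun/2010:10:01:00 +0000] "GET /index.php?art_id=abc HTTP/1.1" 200 900 "-" "Mozilla/5.0"',
]

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent non-numeric {PARAM}: {value!r}")
```

The same integer-only rule, enforced in the application before the value reaches a query and combined with parameterized statements, is the corresponding fix on the server side.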