Vendor: Banner Management Script
By: L0rd CrusAd3r aka VSN
CVSS: 7.5 (HIGH)
Vulnerability: SQL Injection
CWE: 89
Product Name: Banner Management Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Banner Management Script SQL Injection

Banner Management Script can be one of the most useful tools for any webmaster. If you own 1 or more websites and want to sell top and bottom sponsor banner ads, then this tool can be one of the best tools for you. Our Banner Management script allows you to sell banner ads on multiple websites from 1 place only. You can provide your advertisers with real-time stats of impressions and hits. This script is easy to install and comes with a Free Installation, so if you need any help with installation we will install it for no extra cost.

A SQL injection (SQLi) vulnerability was discovered in the trackads.php page, allowing an attacker to inject malicious SQL queries.

Mitigation:

Ensure that all user-supplied input is properly sanitized and validated before being used in SQL queries.
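
One way to apply this mitigation in a click-tracking endpoint like trackads.php, shown as an added example that is not the vendor's code or part of the original advisory. The parameter name `id`, the `banners` table and its columns are assumptions, since the advisory does not show the vulnerable parameter or the schema; an in-memory SQLite database stands in for the real one.

```php
<?php
// Added example, not the vendor's code. The parameter name "id", the table
// "banners" and its columns are assumptions; the advisory does not show them.
declare(strict_types=1);

function open_demo_db(): PDO
{
    // In-memory SQLite stands in for the script's real database (constructed data).
    $pdo = new PDO('sqlite::memory:');
    $pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $pdo->exec('CREATE TABLE banners (id INTEGER PRIMARY KEY, target_url TEXT, hits INTEGER DEFAULT 0)');
    $pdo->exec("INSERT INTO banners (id, target_url) VALUES (1, 'https://advertiser.example/')");
    return $pdo;
}

/**
 * Record a hit for a banner and return its target URL, or null when the
 * id is not a positive integer or no such banner exists.
 */
function track_hit(PDO $pdo, $rawId): ?string
{
    // 1. Validate: accept only a positive integer, reject everything else.
    $id = filter_var($rawId, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false || $id === null) {
        return null;
    }
    // 2. Bind: the value travels as a typed parameter, never as SQL text.
    $update = $pdo->prepare('UPDATE banners SET hits = hits + 1 WHERE id = :id');
    $update->bindValue(':id', $id, PDO::PARAM_INT);
    $update->execute();
    if ($update->rowCount() === 0) {
        return null; // valid integer, but no such banner
    }
    $select = $pdo->prepare('SELECT target_url FROM banners WHERE id = :id');
    $select->bindValue(':id', $id, PDO::PARAM_INT);
    $select->execute();
    $url = $select->fetchColumn();
    return $url === false ? null : (string) $url;
}

$pdo = open_demo_db();
// Well-formed and malformed values as they would arrive in $_GET['id'] (constructed).
foreach (['1', '2', '1 OR 1=1', "1'", ''] as $input) {
    $result = track_hit($pdo, $input);
    printf("%-12s => %s\n", var_export($input, true), $result ?? 'rejected');
}
```

Validation and binding are both kept on purpose: the integer check rejects malformed requests early, and the bound parameter keeps the query safe even if a later change loosens the check.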

Exploit-DB raw data:

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:Banner Management Script SQL Injection
Vendor url:http://www.yourfreeworld.com
Version:n/a
Price:59$
Published: 2010-06-19
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and to
all ICW members.
Spl Greetz to:inj3ct0r.com Team, Andhra hackers.com

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Description:

Banner Management Script can be one of the most useful tools for any
webmaster.
If you own 1 or more websites and want to sell banner top and bottom sponsor
banner ads then this tool can be one of the best tools for you.

Our Banner Management script allows you to sell banner ads on multiple
websites from 1 place only. You can provide your advertisers with real time
stats of impressions and hits.

This script is easy to install and comes with a Free Installation so if you
need any help in installations we will install it for no extra cost.

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*SQLi Vulnerability

DEMO URL :

http://server/bannermanagerpro/trackads.php[sql]

# 0day n0 m0re #
# L0rd CrusAd3r #

-- 
With R3gards,
L0rd CrusAd3r