BannerManager v0.81 SQL Injection Vulnerability

vendor:

BannerManager

by:

rootzig

CVSS

HIGH

SQL Injection

CWE

Product Name: BannerManager

Affected Version From: v0.81

Affected Version To: v0.81

Patch Exists: NO

Related CWE: N/A

CPE: a:bannermanager:bannermanager:0.81

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2009

BannerManager v0.81 SQL Injection Vulnerability

BannerManager v0.81 is vulnerable to SQL injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, such as user credentials, or to execute arbitrary code on the server.

Mitigation:

The application should use parameterized queries to prevent SQL injection attacks.

Source

Exploit-DB raw data:

#################################################
#                                               #
# SISTEMA DE BANNER: BannerManager v0.81        #
# http://sourceforge.net/projects/bannermanager #
# --------------------------------------        # 
# vulnerable: sql injection :)                  #     
# Found by: rootzig                             #
# --------------------------------------        #
#################################################
                      Greetz: Eviwrite :P
                      -------------------
-----------------------------------------

/Banner/default.asp
/[patch]/default.asp

-----------------------------------------

Login: or 1=1 
Pass : or 1=1
        
-----------------------------------------

# milw0rm.com [2009-02-26]