idevspot Text ads 2.08 sqli vulnerability

vendor:

TextAds

by:

Sid3^effects

7,5

CVSS

HIGH

SQL Injection

CWE

Product Name: TextAds

Affected Version From: 2.08

Affected Version To: 2.08

Patch Exists: YES

Related CWE: N/A

CPE: idevspot:textads

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2010

idevspot Text ads 2.08 sqli vulnerability

The idevspot TextAds V2.08 suffers from a SQL injection vulnerability. An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.

Source

Exploit-DB raw data:

# Title:idevspot Text ads 2.08 sqli vulnerability
# Author: Sid3^effects
# Published: 2010-06-06
# price:$147
# email:shell_c99@yahoo.com
# vendor: idevspot
# url : http://www.idevspot.com/TextAds2.php
# google dork : Powered by TextAds 2.08

############################################################################
        ooooo  .oooooo.  oooooo   oooooo     oooo 
        `888' d8P'  `Y8b  `888.    `888.     .8' 
         888 888           `888.   .8888.   .8' 
         888 888            `888  .8'`888. .8' 
         888 888             `888.8'  `888.8'  
         888 `88b    ooo      `888'    `888' 
        o888o `Y8bood8P'       `8'      `8'    
                                          
-------------------------------------------------------------------------------------- 
#####################Sid3^effects aKa HaRi################################## 
#Greetz to all Andhra Hackers and ICW Memebers[Indian Cyber Warriors] 
#Thanks:*L0rd ÇrusAdêr*,d4rk-blu™®,R45C4L,CR4C|< 008,M4n0j,MaYuR 
#ShouTZ:kedar,dec0d3r,41.w4r10r
#spl shoutz:LiquidWorm,gunslinger_ :D      
#Catch us at www.andhrahackers.com or www.teamicw.in 
############################################################################ 
Description :
Increase your website revenue by selling text advertisement spots on your website. TextAds is a fully automated,
impression based text advertisement system. It includes client and administrative control panels and supports
Paypal (client) billing. Our easy installation will have most users up and running quickly. Customization is also
quite easy, even for the non-programmer. Many additional features are yours as well with TextAds, please come
check them out at our website 
############################################################################ 
Xploit :
The idevspot TextAds V2.08 suffers from sqli
Demo : http://server/textads_2/index.php?page=[sqli]
         
############################################################################ 
#spl thks: exploit-db.com
#Sid3^effects