AdMan v1.0.x SQL vuln
############################################################
Vuln. discovered by : r0t
Date: 23 march 2006
vendor:www.formfields.com/adManArea/
affected versions: v1.0.20051221 and prior
orginal advisory:
http://pridels.blogspot.com/2006/03/adman-v10x-sql-vuln.html
############################################################
SQL vuln.
AdMan contains a flaw that allows a remote sql injection
attacks.Inputpassed to the "transactions_offset" parameter in
"advertiser/viewStatement.php" isn't properly sanitised before being used in
a SQL query. This can be exploited to manipulate SQL queries by injecting
arbitrary SQL code
example:
/adMan/advertiser/viewStatement.php?start_date_date_month=03
&start_date_date_day=01&start_date_date_year=2008&start_date
_time_hour=12&start_date_time_min=00&start_date_time_amPm=AM
&end_date_date_month=&end_date_date_day=&end_date_date_year=
&end_date_time_hour=&end_date_time_min=&end_date_time_amPm=&
_submit=&transactions_offset=[SQL]
############################################################
To get full install. path:
/adMan/advertiser/editCampaign.php?campaignId=
/adMan/advertiser/viewPricingScheme.php?schemeId=
###########################################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###########################################################
You can discuz about that vuln.
@ unsecured-systems.com/forum