AdMentor Admin Login SQL Injection Vulnerability

Bugtraq ID:	22281
Class:	Input Validation Error
CVE:	CVE-2007-0575
Remote:	Yes
Local:	No
Published:	Jan 27 2007 12:00AM
Updated:	May 12 2015 07:35PM
Credit:	sn0oPy is credited with the discovery of this vulnerability.
Vulnerable:	ASPCode.net AdMentor 0
Not Vulnerable:

AdMentor Admin Login SQL Injection Vulnerability

AdMentor is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

AdMentor Admin Login SQL Injection Vulnerability

Attackers can exploit this issue via a web client.

Supplying the following to the administrative login page is sufficient to exploit this issue:

UserID = 'or' '='

Password = 'or' '='

The following proof-of-concept code is available:

• /data/vulnerabilities/exploits/22281.html

AdMentor Admin Login SQL Injection Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].

AdMentor Admin Login SQL Injection Vulnerability

References:

• AdMentor Product Page (ASPCode.net)
  
• AdMentor (banners) admin SQL injection (sn0oPy)
  
• AdMentor (banners) admin SQL injection ([email protected])
  
• AdMentor Script Remote SQL injection Exploit ([email protected])