Banner Management Script - SQL Injection

Author: L0rd CrusAd3r
type: webapps
platform: php
port: 
date_added: 2010-06-17 
date_updated:  
verified: 1 
codes: OSVDB-65642;CVE-2010-4981 
tags: 
aliases:  
screenshot_url:  
application_url: 

Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:Banner Management Script SQL Injection
Vendor url:http://www.yourfreeworld.com
Version:n/a
Price:59$
Published: 2010-06-19
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and to
all ICW members.
Spl Greetz to:inj3ct0r.com Team, Andhra hackers.com

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Description:

Banner Management Script can be one of the most useful tools for any
webmaster.
If you own 1 or more websites and want to sell banner top and bottom sponsor
banner ads then this tool can be one of the best tool for you .

Our Banner Management script allows you to sell banner ads on multiple
websites from 1 place only. You can provide your advertisers with real time
stats of impressions and hits.

This script is easy to install and comes with a Free Installation so if you
need any help in installations we will install it for no extra cost.

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*SQLi Vulnerability

DEMO URL :

http://server/bannermanagerpro/trackads.php[sql]

# 0day n0 m0re #
# L0rd CrusAd3r #

--
With R3gards,
L0rd CrusAd3r