by r0t,der4444,cembo,VietMafia

Sunday, November 27, 2005

ADC2000 NG Pro SQL inj. vuln.

ADC2000 NG Pro SQL inj. vuln.
Vuln. dicovered by : r0t
Date: 27 nov. 2005
vendor:http://www.td-systems.com/products/
affected version: 1.2 and ADC2000 NG Pro Lite

Product Description:
AD Center 2000 NG Pro is a professional version of banner exchange software for organizing your own Banner Exchange. Software uses MySQL backend, and has rich media ads support, multibanner support, advanced targeting, multilanguage support, flash stats and much more. C-engine with internal cache system allow you to have huge loadings and show up to 6 millions banners per day.

Vuln. description:
Input passed to the "lang" and "cat" parameter in "adcbrowres.php" isn't properly sanitised before being used in a SQL query.This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

example:
/adcbrowres.php?lang=english&cat=[SQL]
/adcbrowres.php?lang=[SQL]

Solution:
Edit the source code to ensure that input is properly sanitised.

0 Comments:

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew