• IDP Daily Update #1312
  posted: 11/18/08
  
• NSM Daily Update #1312
  posted: 11/18/08
  
• Deep Inspection 5.3r5 and above, 5.4, 6.0 #1312
  posted: 11/18/08
  
• Deep Inspection 5.1, 5.2, 5.3r4 and below #1300
  posted: 11/18/08
  
• Deep Inspection 5.0 #1132
  posted: 04/01/08
  
• Antivirus
  posted: 11/17/08

Text Size:        

• Product Information
• Security Products Overview
• Juniper Networks ISG Series
• IDP Demo
• Product Poster & Z-Card 

Title: Unique Ads Banner.PHP SQL Injection Vulnerability

Severity: MODERATE

Description:

Unique Ads is a web-based banner-ad application impemented in PHP.

The application is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input to the 'bid' parameter of the 'banner.php' script before using it in an SQL query:

Exploiting this vulnerability could permit remote attackers to pass malicious input to database queries, resulting in the modification of query logic or other attacks.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

This issue affects version 1; other versions may also be vulnerable.

Affected Products:

• EgypTechno Unique Ads 1

References:

• EgypTechno: EgypTechno Homepage