Banner Management Script SQL注入漏洞

[+]info:
~~~~~~~~~
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:Banner Management Script SQL Injection
Vendor url:http://www.yourfreeworld.com
Version:n/a
Price:59$
Published: 2010-06-19
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and to
all ICW members.
Spl Greetz to:inj3ct0r.com Team, Andhra hackers.com
Description:

Banner Management Script can be one of the most useful tools for any
webmaster.
If you own 1 or more websites and want to sell banner top and bottom sponsor
banner ads then this tool can be one of the best tool for you .

Our Banner Management script allows you to sell banner ads on multiple
websites from 1 place only. You can provide your advertisers with real time
stats of impressions and hits.

This script is easy to install and comes with a Free Installation so if you
need any help in installations we will install it for no extra cost.

[+]poc:
~~~~~~~~~
http://server/bannermanagerpro/trackads.php[sql]

[+]Reference:
~~~~~~~~~
http://www.exploit-db.com/exploits/13929