CVE-2008-6364

Ad Server Solutions Banner Exchange Solution Java - SQL Injection via Logon Process

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 1 public exploit for CVE-2008-6364. PoCs published by R3d-D3V!L.

AI-analyzed exploit summary This is a writeup describing an authentication bypass vulnerability via SQL injection in Banner Exchange Java. It provides credentials to exploit the vulnerability but does not include executable code.

Description

SQL injection vulnerability in logon_process.jsp in Ad Server Solutions Banner Exchange Solution Java allows remote attackers to execute arbitrary SQL commands via the (1) username (uname parameter) and (2) password (pass parameter). NOTE: some of these details are obtained from third party information.

Exploits (1)

exploitdb WRITEUP VERIFIED
by R3d-D3V!L · textwebappsasp
https://www.exploit-db.com/exploits/7425

This is a writeup describing an authentication bypass vulnerability via SQL injection in Banner Exchange Java. It provides credentials to exploit the vulnerability but does not include executable code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Banner Exchange Java
No auth needed
Prerequisites: Access to the login page of the vulnerable application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (5)

Core 5
Core References
Exploit, Third Party Advisory exploit x_refsource_exploit-db
https://www.exploit-db.com/exploits/7425
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/47281
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/33072
Exploit vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/32781

Scores

EPSS 0.0307
EPSS Percentile 85.9%

Details

CWE
CWE-89
Status published
Products (1)
adserversolutions/banner_exchange_software
Published Mar 02, 2009
Tracked Since Feb 18, 2026