Active Business Directory v 2

vendor:

Active Business Directory

by:

AlpHaNiX

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Active Business Directory

Affected Version From: 2

Affected Version To: 2

Patch Exists: NO

Related CWE: N/A

CPE: a:activewebsoftwares:active_business_directory

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2008

Active Business Directory v 2

The Active Business Directory v 2 is vulnerable to a SQL injection vulnerability. This vulnerability allows an attacker to execute arbitrary SQL commands on the underlying database. By sending a specially crafted HTTP request to the vulnerable application, an attacker can exploit this vulnerability to gain access to sensitive information stored in the database.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries.

Source

Exploit-DB raw data:

###########################################################################
#-----------------------------OffensiveTrack------------------------------#
###########################################################################



#found by : OffensiveTrack
#Author : AlpHaNiX
#website : www.offensivetrack.org
#contact on mail & msn : AlpHa@Hacker.bz

###########################################################################



#script : Active Business Directory v 2
#â‚¬xploit : http://www.activewebsoftwares.com/demoactivebusinessdirectory/default.asp?catid=0+and+1=0



#greetz : My Best Friend Zigma

###########################################################################

# milw0rm.com [2008-11-30]