header-logo
Suggest Exploit
vendor:
ASPired2Quote
by:
Pouya_Server
9.3
CVSS
HIGH
SQL Injection
89
CWE
Product Name: ASPired2Quote
Affected Version From: ASPired2Quote
Affected Version To: ASPired2Quote
Patch Exists: YES
Related CWE: CVE-2008-6133
CPE: cpe:a:thenetguys:aspired2quote
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows
2008

ASPired2Quote

ASPired2Quote is prone to an SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.

Mitigation:

Ensure that user-supplied input is properly sanitized before being used in an SQL query.
Source

Exploit-DB raw data:

#########################################################
---------------------------------------------------------
Portal Name: ASPired2Quote
Vendor : http://thenetguys.us/Home/Quote.asp
Author : Pouya_Server , Pouya.s3rver@Gmail.com
Vulnerability : (DD)
---------------------------------------------------------
#########################################################
[DD]:
http://site.com/[Path]/admin/quote.mdb
 
---------------------------------
Victem :
http://thenetguys.us/ASPired2/Quote/index.asp

# milw0rm.com [2008-12-14]

Navigation

Suggest Exploit

Services By CQR