vendor:
Top Auction
by:
ajann
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Top Auction
Affected Version From: Top Auction 1.0
Affected Version To: Top Auction 1.0
Patch Exists: NO
Related CWE:
CPE:
Platforms Tested:
Top Auction 1.0 (viewcat.php) Remote Blind SQL Injection Exploit
This exploit takes advantage of a blind SQL injection vulnerability in Top Auction 1.0's viewcat.php script. By manipulating the 'category' parameter, an attacker can execute arbitrary SQL queries and retrieve sensitive information from the database, such as usernames and passwords.
Mitigation:
To mitigate this vulnerability, the vendor should implement proper input validation and parameterized queries to prevent SQL injection attacks.