ActiveWebSoftware Active Auction Pro SQL Injection Vulnerability

2010-12-05T00:00:00
ID 1337DAY-ID-15047
Type zdt
Reporter R4dc0re
Modified 2010-12-05T00:00:00

Description

Exploit for asp platform in category web applications

                                        
                                            ================================================================
ActiveWebSoftware Active Auction Pro SQL Injection Vulnerability
================================================================

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=1
3                                                                      3
3             _     __       __    ________     __  __                 3
7           /' \  /'__`\   /'__`\ /\_____  \   /\ \/\ \                7
1          /\_, \/\_\L\ \ /\_\L\ \\/___//'/'   \_\ \ \ \____           1
3          \/_/\ \/_/_\_<_\/_/_\_<_   /' /'    /'_` \ \ '__`\          3
3             \ \ \/\ \L\ \ /\ \L\ \ /' /'    /\ \L\ \ \ \L\ \         3
7              \ \_\ \____/ \ \____//\_/      \ \___,_\ \_,__/         7
1               \/_/\/___/   \/___/ \//        \/__,_ /\/___/          1
3              >> Exploit database separated by exploit                3
3                     type (local, remote, DoS, etc.)                  3
7                                                                      7
1          [+] Site            : 1337db.com                            1
3          [+] Support e-mail  : submit[at]1337db.com                  3
3                                                                      3
7               ##########################################             7
1               I'm R4dc0re 1337 Member from 1337 DataBase             1
3               ##########################################             3
3                                                                      3                                            
7-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-7

# Author: R4dc0re
# Exploit Title:ActiveWebSoftware Active Auction Pro SQL Injection Vulnerability
# Date: 04-12-2010
# Vendor or Software Link: http://www.activewebsoftwares.com
# Category:WebApp
#Demo Link:http://www.activewebsoftwares.com/activeauction/
#Contact: [email protected]
#Website: www.1337db.com
#Greetings to: R0073r(1337db.com), L0rd CrusAd3r,Sid3^effects and to rest of the 1337db members

Submit Your Exploit at [email protected]


###################################################################
[Product Detail]

Model Number: ACTIVEAUCTIONPROSSL

Active Auction Pro
Active Auction is a full featured, affordable auction program for your web site.
Features includes Standard and Dutch auctions, set listing fees, rate users,
proxy bidding, shopping system and more.
Easily can be integrated seamlessly with your existing site.
Uses Access or MS SQL database. Includes the full ASp VB source code.

[Vulnerability]

SQL Injection:

http://www.activewebsoftwares.com/activeauction/default.asp?catid=[Code]

###################################################################



#  0day.today [2018-03-14]  #