BID:13035

Active Auction House Sendpassword.ASP SQL Injection Vulnerability

Info

Active Auction House Sendpassword.ASP SQL Injection Vulnerability

Bugtraq ID:	13035
Class:	Input Validation Error
CVE:	CVE-2005-1029
Remote:	Yes
Local:	No
Published:	Apr 06 2005 12:00AM
Updated:	Jul 12 2009 11:57AM
Credit:	Discovery of this vulnerability is credited to dcrab <[email protected]>.
Vulnerable:	Active Web Softwares Active Auction House

Not Vulnerable:

Discussion

Active Auction House Sendpassword.ASP SQL Injection Vulnerability

Active Auction House is reportedly affected by a SQL injection vulnerability. This issue is due to a failure in the application to properly sanitize user-supplied input before using it in a SQL query.

Successful exploitation could result in a compromise of the application, disclosure or modification of data, or may permit an attacker to exploit vulnerabilities in the underlying database implementation.

Exploit / POC

Active Auction House Sendpassword.ASP SQL Injection Vulnerability

No exploit is required.

Solution / Fix

Active Auction House Sendpassword.ASP SQL Injection Vulnerability

Solution:
Currently we are not aware of any vendor-supplied patches for this issue. If you feel we are in error or are aware of more recent information, please mail us at: [email protected] <mailto:[email protected]>.

References

Active Auction House Sendpassword.ASP SQL Injection Vulnerability

References:

Active Auction House Homepage (Active Web Softwares)
Active Auction House has multiple Sql injection, error and XSS vulnerabilities (dcrab )