CVE-2005-1029

Active Auction House - SQL Injection

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2005-1029. PoCs published by Dcrab.

AI-analyzed exploit summary The provided text describes a SQL injection vulnerability in Active Auction House, where unsanitized user input in the 'itemID' parameter of 'ItemInfo.asp' can be exploited. No actual exploit code is present, only a description and example URL.

Description

Multiple SQL injection vulnerabilities in Active Auction House allow remote attackers to execute arbitrary SQL commands via the (1) catid, (2) SortDir, or (3) Sortby parameter to default.asp, (4) itemID parameter to ItemInfo.asp, or (5) Email field to sendpassword.asp.

Exploits (2)

exploitdb WRITEUP VERIFIED
by Dcrab · textwebappsasp
https://www.exploit-db.com/exploits/25347

The provided text describes a SQL injection vulnerability in Active Auction House, where unsanitized user input in the 'itemID' parameter of 'ItemInfo.asp' can be exploited. No actual exploit code is present, only a description and example URL.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Active Auction House (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable 'ItemInfo.asp' endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WRITEUP VERIFIED
by Dcrab · textwebappsasp
https://www.exploit-db.com/exploits/25346

The provided text describes SQL injection vulnerabilities in Active Auction House software, detailing how unsanitized user input in the 'Sortby' and 'SortDir' parameters can be exploited. It includes example URLs demonstrating the injection points but lacks executable exploit code.

Classification
Writeup 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Theoretical
Target: Active Auction House (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable web application
devstral-2 · analyzed Feb 16, 2026 Full analysis →

References (11)

Core 11
Core References
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13034
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/19977
Vendor Advisory vdb-entry x_refsource_sectrack
http://www.securitytracker.com/alerts/2005/Apr/1013649.html
Exploit, Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13032
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/15283
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/15281
Various Sources x_refsource_misc
http://digitalparadox.org/advisories/aass.txt
Mailing List mailing-list x_refsource_bugtraq
http://marc.info/?l=bugtraq&m=111280834000432&w=2
Vendor Advisory vdb-entry x_refsource_bid
http://www.securityfocus.com/bid/13035
Vendor Advisory third-party-advisory x_refsource_secunia
http://secunia.com/advisories/14839
Third Party Advisory, VDB Entry vdb-entry x_refsource_osvdb
http://www.osvdb.org/15282

Scores

EPSS 0.0426
EPSS Percentile 89.8%

Details

Status published
Products (1)
active_web_softwares/active_auction_house 7.1
Published Apr 06, 2005
Tracked Since Feb 18, 2026