TUCoPS :: Web :: CMS / Portals

TUCoPS :: Web :: CMS / Portals :: b06-1882.htm
DUportal SQL Injection vuln

SQL Injection On DUportal SQL Injection On DUportal


Proof of Concept:
/News/cat.asp?iCat=' [SQL INJECTION]&iChannel=1&nChannel=News
/Articles/cat.asp?iCat=' [SQL INJECTION]&iChannel=2&nChannel=Articles
/Pictures/cat.asp?iCat=' [SQL INJECTION]&iChannel=3&nChannel=Pictures 


Original advisory:http://www.aria-security.net/advisory/duportal.txt