DUware DUportal Pro Multiple SQL Injection Vulnerabilities

DUware DUportal Pro Multiple SQL Injection Vulnerabilities

No exploit is required.

The following proof of concept URI are available:
http://www.example.com/DUportalPro34/Articles/default.asp?iChannel=2[SQL Inject]&nChannel=Articles
http://www.example.com/DUportalPro34/Articles/detail.asp?iData=4[SQL Inject]&iCat=292&iChannel=2&nChannel=Articles
http://www.example.com/DUportalPro34/home/members.asp?iMem=[SQL Inject]
http://www.example.com/DUportalPro34/topics/cat.asp?iCat=4[SQL Inject]&iChannel=16&nChannel=Topics
http://www.example.com/DUportalPro34/Polls/default.asp?iChannel=15[SQL Inject]&nChannel=Polls
http://www.example.com/DUportalPro34/home/members.asp?iMem=[SQL Inject]
http://www.example.com/DUportalPro34/admin/members_listing_approval.asp?offset=[SQL Inject]
http://www.example.com/DUportalPro34/admin/channels_edit.asp?iChannel=7[SQL inject]&nChannel=[Name Module]