• info
• discussion
• exploit
• solution
• references

DUware DUforum Multiple SQL Injection Vulnerabilities

No exploit is required.

The following proof-of-concept URIs are available:

http://www.example.com/DUforum/messages.asp?iMsg=[SQL Inject]248&iFor=6
http://www.example.com/DUforum/post.asp?iFor=6[SQL Inject]
http://www.example.com/DUforum/forums.asp?iFor=[SQL Inject]
http://www.example.com/DUforum/admin/userEdit.asp?id=[SQL Inject]