ClickTech Texas RankEm Player.ASP Tournaments.ASP Multiple SQL Injection Vulnerabilities

info
discussion
exploit
solution
references

ClickTech Texas RankEm Player.ASP Tournaments.ASP Multiple SQL Injection Vulnerabilities

An attacker can exploit these issues via a web client.

The following proof-of-concept URIs are available:

http://www.example.com/path/player.asp?player_id=14&selPlayer=[SQL INJECTION]
http://www.example.com/path/tournaments.asp?tournament_id=[SQL INJECTION]