GEN:SID 1:2325
Message WEB-IIS VP-ASP ShopDisplayProducts.asp access
Summary This event is generated when an attempt is made to exploit a known
vulnerability in Virtual Programming VP-ASP web application running on a server.
Impact Information gathering and system integrity compromise. Possible unauthorized
administrative access to the server or application. Possible execution
of arbitrary code of the attackers choosing in some cases.
Detailed Information This event is generated when an attempt is made to exploit a known
vulnerability in Virtual Programming VP-ASP web application running on a
server. It may be possible to use SQL injection techniques to supply
SQL code of an attackers choosing to the database used in the
application.
Affected Systems Virtual Programming VP-ASP 4.0
    Virtual Programming VP-ASP 5.0
Attack Scenarios An attacker can inject SQL code of their choosing to view and manipulate
data stored in the underlying database used by the application.
Ease of Attack Simple. Exploit software is not required.
Corrective Action Ensure the system is using an up to date version of the software and has
had all vendor supplied patches applied.
Additional References  
Rule References bugtraq: 9133
bugtraq: 9134
nessus: 11942