Xerox DocuShare URL SQL Injection Vulnerability

Summary
This host is running Xerox DocuShare and is prone to multiple SQL injection vulnerabilities.
Impact
Successful exploitation allows an attacker to execute arbitrary HTML or script code and to manipulate SQL queries in the backend database, allowing manipulation or disclosure of arbitrary data.
Impact Level: Application
Solution
Apply the hotfix from the link below: http://www.xerox.com/download/security/security-bulletin/a72cd-4f7a54ce14460/cert_XRX14-003_V1.0.pdf
Insight
Input appended to the URL after /docushare/dsweb/ResultBackgroundJobMultiple/1 is not properly sanitised before being used in SQL queries.
Affected
Xerox DocuShare version 6.5.3 Patch 6, 6.6.1 Update 1, and 6.6.1 Update 2. Prior versions may also be affected.
Detection
Send a crafted HTTP GET request and check whether it is able to execute an SQL query.
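A passive complement to the active check, added here as an example and not part of the original advisory or of any Xerox tooling: it reviews web access logs for requests that append unexpected input after the path named under Insight. The log format, the sample lines, the helper names and the rule that a normal request carries only digits after the prefix are assumptions.

```python
import re
from urllib.parse import unquote

# Path named in the advisory; input appended after it is used in SQL queries.
PREFIX = "/docushare/dsweb/ResultBackgroundJobMultiple/"
# Assumption (not from the advisory): a normal request carries only digits here.
EXPECTED_TAIL = re.compile(r"\d*/?")
# Request line of a common/combined format access-log entry.
REQUEST = re.compile(r'"[A-Z]+ (?P<target>.*?) HTTP/[\d.]+"')

# Constructed sample log lines (documentation IP range, made-up timestamps).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /docushare/dsweb/ResultBackgroundJobMultiple/1 HTTP/1.1" 200 512',
    '192.0.2.11 - - [01/Jan/2024:10:00:05 +0000] "GET /docushare/dsweb/ResultBackgroundJobMultiple/1%27 HTTP/1.1" 500 0',
    '192.0.2.11 - - [01/Jan/2024:10:00:09 +0000] "GET /docushare/dsweb/ResultBackgroundJobMultiple/1%2527 HTTP/1.1" 500 0',
    '192.0.2.12 - - [01/Jan/2024:10:00:12 +0000] "GET /docushare/dsweb/HomePage HTTP/1.1" 200 2048',
]


def decode_fully(value, max_rounds=3):
    """Percent-decode repeatedly so double-encoded input is normalised too."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def appended_input(log_line):
    """Return the decoded text after PREFIX if it is unexpected, else None."""
    match = REQUEST.search(log_line)
    if not match:
        return None
    # Drop the query string, then normalise the path before inspecting it.
    path = decode_fully(match.group("target").split("?", 1)[0])
    index = path.lower().find(PREFIX.lower())
    if index < 0:
        return None
    tail = path[index + len(PREFIX):]
    return None if EXPECTED_TAIL.fullmatch(tail) else tail


def scan(lines):
    """Return (line_number, decoded_tail) for every request needing review."""
    hits = []
    for number, line in enumerate(lines, start=1):
        tail = appended_input(line)
        if tail is not None:
            hits.append((number, tail))
    return hits
```

Hits are a triage list for review rather than proof of exploitation; correlate them with response codes and database errors from the same time window.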