Douran Portal 3.9.8.25 SQL Injection

2012-09-02T00:00:00
ID PACKETSTORM:116183
Type packetstorm
Reporter Prince
Modified 2012-09-02T00:00:00

Description

                                        
                                            `The last version of this portal which used by own company, have SQL  
Injection bug:  
  
http://www.douran.com/homepage.aspx?site=DouranPortal&tabid=1[SQLi]&lang=fa-IR  
Ver: DOURAN Portal V3.9.8.25  
  
  
# Exploit Title: Douran Portal SQLi Vulnerability  
# Date: 08/31/2012  
# Author: Persia Security Group - (Prince & mafia1990)  
# Vendor Homepage: http://www.douran.com/  
# Software Link: This is not free!!  
# Version: All Version  
# Google Dork: intext:"DOURAN Portal"  
# Tested on: win 2003 & 2008 server  
  
==========================================================================================  
Vulnerability Details  
  
==========================================================================================  
  
/*********/  
Google Dork: intext:"DOURAN Portal"  
/*********/  
This portal published for Azad university and other organizations.  
have SQLi vulnerability in param[tabid] &&==> .!..  
  
Code: ASPX & MSSQL & Framework Version:2.0.50727.3615  
  
Example:  
  
  
  
http://www.site.com/homepage.aspx?site=DouranPortal&tabid=1[SQLi]&lang=fa-IR  
  
Demo:  
  
  
http://217.219.227.155/Homepage.aspx?site=dezfulUniversity&tabid=1'&lang=fa-IR  
  
==========================================================================================  
  
`