The last version of this portal which used by own company, have SQL
Injection bug:

http://www.douran.com/homepage.aspx?site=DouranPortal&tabid=1[SQLi]&lang=fa-IR
Ver: DOURAN Portal V3.9.8.25


# Exploit Title: Douran Portal SQLi Vulnerability
# Date: 08/31/2012
# Author: Persia Security Group - (Prince & mafia1990)
# Vendor Homepage: http://www.douran.com/
# Software Link: This is not free!!
# Version: All Version
# Google Dork: intext:"DOURAN Portal"
# Tested on: win 2003 & 2008 server

==========================================================================================
Vulnerability Details

==========================================================================================

/*********/
Google Dork: intext:"DOURAN Portal"
/*********/
This portal published for Azad university and other organizations.
have SQLi vulnerability in param[tabid]  &&==> .!..

Code: ASPX  & MSSQL & Framework Version:2.0.50727.3615

Example:



http://www.site.com/homepage.aspx?site=DouranPortal&tabid=1[SQLi]&lang=fa-IR

 Demo:


http://217.219.227.155/Homepage.aspx?site=dezfulUniversity&tabid=1'&lang=fa-IR

==========================================================================================