Product : Lootan System
vendor : www.kedor.cn
vulnerable versions : RC1 & prior 

example : 
http://example/ly/login.asp?username=[SQL Command]