ExpLoit Title : Noict SQL Injection Vulnerability
GooGle Dork : Powered by: NOICT Developers Co & inurl:/default.asp?lang_id
Data : 2012/ 5 / 31
Author : Dr.LoranS
E-Mail : Gro7@Hotmail.com
Swftware Link : http://noict.com
version : all
Tested on : Windows 7
Greetz to : King of control , Dr.5rab , Al-swisre , Dr.Br8 , Islamic Ghosts Team , v99x.com
Demo : http://icsacxxonf.ir/icste/default.asp?lang_id=2
http://www.cmxxemaz.com/e-health/Default.asp?lang_id=2
http://www.icxxecc.net/detail.asp?lang_id=2&id=37
So, we can inject sql with the /detail.asp?lang_id variable, like that :
http://[site]/[path]/detail.asp?lang_id=[SQL injection]