[Aria-Security Team] DuWare DuPortal SQL Injection Vuln
#Aria-Security Team Advisory
#<www.Aria-security.Com For English >
#<www.Aria-Security.net For Persian >
#Original Advisory:
#http://www.aria-security.com/forum/showthread.php?t=63
#-----------------------------------------------------------
#Software: DuPortal Pro 3.4
#Method: SQL Injection
#Vendor: http://duware.com
#
#PoC:
#http://target/DUportalPro34Demo/Pictures/default.asp?iChannel=1&nChannel=[SQL
Injection]
#http://target/DUportalPro34Demo/Pictures/default.asp?iChannel=[SQL Injection]
#http://target/DUportalPro34Demo/Files/cat.asp?iCat=[SQL Injection]
#http://target/DUportalPro34Demo/Files/cat.asp?iCat=202&iChannel=[SQL Injection]
#
#Contact: Advisory@xxxxxxxxxxxxxxxxx