Product : Lootan System vendor : www.kedor.cn vulnerable versions : RC1 & prior example : http://example/ly/login.asp?username=[SQL Command]