Lootan System versions RC1 and below suffer from a remote SQL injection vulnerability.
fd0b462b6142d5ebc07251dfb824946ebb68b2ddd5dc45f64cb070c33756b433
Product : Lootan System
vendor : www.kedor.cn
vulnerable versions : RC1 & prior
example :
http://example/ly/login.asp?username=[SQL Command]