CVE-2009-3358

Tourism Scripts Adult Portal Escort Listing - SQL Injection via profile.php user_id Parameter

Title source: llm
STIX 2.1

Exploitation Summary

EIP tracks 2 public exploits for CVE-2009-3358. PoCs published by Mr.SQL.

AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in the 'profile.php' script of Adult Portal escort listing software. It uses UNION-based SQLi to extract user credentials (username, password, email) from the 'member' or 'user' tables.

Description

SQL injection vulnerability in profile.php in Tourism Scripts Adult Portal escort listing allows remote attackers to execute arbitrary SQL commands via the user_id parameter.

Exploits (2)

exploitdb WORKING POC VERIFIED
by Mr.SQL · textwebappsphp
https://www.exploit-db.com/exploits/9634

This exploit demonstrates a SQL injection vulnerability in the 'profile.php' script of Adult Portal escort listing software. It uses UNION-based SQLi to extract user credentials (username, password, email) from the 'member' or 'user' tables.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Adult Portal escort listing (version unspecified)
No auth needed
Prerequisites: Access to the vulnerable 'profile.php' endpoint
devstral-2 · analyzed Feb 16, 2026 Full analysis →
exploitdb WORKING POC
webappsphp
https://www.exploit-db.com/exploits/8788

This is a functional SQL injection exploit for Mole Adult Portal Script, demonstrating a vulnerability in the 'user_id' parameter of 'profile.php'. The exploit uses a UNION-based SQLi to extract database version information, requiring magic_quotes_gpc to be disabled.

Classification
Working Poc 90%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target: Mole Adult Portal Script
No auth needed
Prerequisites: magic_quotes_gpc must be disabled · target must be running Mole Adult Portal Script
devstral-2 · analyzed Feb 19, 2026 Full analysis →

References (2)

Core 2
Core References
Third Party Advisory, VDB Entry vdb-entry x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/53134
Exploit, Third Party Advisory exploit x_refsource_exploit-db
http://www.exploit-db.com/exploits/9634

Scores

EPSS 0.0094
EPSS Percentile 56.1%

Details

CWE
CWE-89
Status published
Products (1)
tourismscripts/adult_portal_escort_listing
Published Sep 24, 2009
Tracked Since Feb 18, 2026