Full Disclosure mailing list archives
Advanced Poll 2.02 SQL Injection Vulnerability
From: Yassin Aboukir <01xp01 () gmail com>
Date: Fri, 4 Nov 2011 02:17:47 +0000
############################################################################################################## [+] Title : Advanced Poll 2.02 SQL Injection Vulnerability [+] Affected Version : v2.02 [+] Software Link : http://www.electrolized.free.fr/scripts-php/pollphp.zip [+] Tested on : Windows 7 <Firefox> [+] Date : 15/10/2011 [+] Dork : “inurl:/db/admin intitle:Advanced Poll 2.02” [+] Category : Webapps [+] Severity : High [+] Author : Yassin Aboukir [+] Site : http://www.yaboukir.com ############################################################################################################### [+] About the software : Sondage très puissant, gestion de plusieurs sondage, interface d'administration. Ce script utilise soit un fichier texte soit une base de donnée. [+] How that can be exploited : http://localhost/path/db/db/popup.php?action=results&poll_ident=1 [SQL Me] [+] Fix : upgrade to last release. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Current thread:
- Advanced Poll 2.02 SQL Injection Vulnerability Yassin Aboukir (Nov 04)