Full Disclosure mailing list archives

Advanced Poll 2.02 SQL Injection Vulnerability

From: Yassin Aboukir <01xp01 () gmail com>
Date: Fri, 4 Nov 2011 02:17:47 +0000

##############################################################################################################
[+] Title              :  Advanced Poll 2.02 SQL Injection Vulnerability
[+] Affected Version   :  v2.02
[+] Software Link      :
http://www.electrolized.free.fr/scripts-php/pollphp.zip
[+] Tested on          :  Windows 7 <Firefox>
[+] Date               :  15/10/2011
[+] Dork               :  “inurl:/db/admin intitle:Advanced Poll 2.02”
[+] Category           :  Webapps
[+] Severity           :  High
[+] Author             :  Yassin Aboukir
[+] Site               :  http://www.yaboukir.com
###############################################################################################################

[+] About the software :  Sondage très puissant, gestion de plusieurs
sondage, interface  d'administration.
 Ce script utilise soit un fichier texte soit une base de donnée.

[+] How that can be exploited :


http://localhost/path/db/db/popup.php?action=results&poll_ident=1 [SQL
Me]

[+] Fix :  upgrade to last release.

_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/

Current thread:

Advanced Poll 2.02 SQL Injection Vulnerability Yassin Aboukir (Nov 04)