Advanced Poll Script cross site scripting and SQL injection

2010.04.27
Credit: Sid3^effects
Risk: High
Local: No
Remote: Yes
CWE: CWE-79
CWE-89

# Exploit Title: XSS and Authentication bypass in Advanced Poll Script
# Date: 26-apr-2010
# Author: Sid3^effects
# Software Link: N/a
# CVE : []
# Code : []
______________________________________________________________________________
XSS and Authentication bypass in Advanced Poll Script
Vendor: http://www.2daybiz.com/
___________________________Author:Sid3^effects_________________________________

Description :

Advanced Poll is a polling system with a powerful administration tool that supports both text file and MySQL database. Its features include multiple polls, unlimited options, IP-Logging, IP-Locking, cookie support, comment feature, vote expire feature, and random poll support.

script cost : $140
---------------------------------------------------------------------------
* Authentication bypass:

The script has an authentication bypass in the admin login as well as in the user login.

Use ' or 1=1 or ''=' in both login and password.

user login demo : http://www.2daybiz.com/products/polls/login.php
admin login demo: http://www.2daybiz.com/products/polls/admin/
---------------------------------------------------------------------------
* XSS (cross site scripting):

XSS is also found in the search field.

Attack Pattern: '"--><script>alert(0x000872)</script>

DEMO: http://www.2daybiz.com/products/polls/index_search.php?category= [XSS]
---------------------------------------------------------------------------
ShoutZ :
-------
---Indian Cyber warriors--Andhra hackers--

Greetz :
--------
---*L0rd rusAdêr*---d4rk-blu® [ICW]---R45C4L idi0th4ck3r---CR4C|< 008---M4n0j--MayUr--
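The two flaws reported above, modelled as an added example that is not part of the original advisory and is not the vendor's code: a login query built by string concatenation beside its parameterized form, and a search value reflected raw beside its HTML-encoded form. SQLite stands in for the MySQL backend, and the schema, sample account and function names are assumptions.

```python
import html
import sqlite3

# Strings quoted in the advisory, used here only as test inputs.
BYPASS = "' or 1=1 or ''='"
XSS = "'\"--><script>alert(0x000872)</script>"

def make_db():
    # Constructed sample data; the schema is an assumption. The plaintext
    # password keeps the model small; real code verifies a password hash.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (id INTEGER PRIMARY KEY, username TEXT, password TEXT)")
    db.execute("INSERT INTO users (username, password) VALUES ('admin', 'placeholder-pw')")
    return db

def login_concatenated(db, username, password):
    # Vulnerable pattern: input becomes part of the SQL text, so a quote
    # in either field changes the structure of the WHERE clause.
    sql = ("SELECT id FROM users WHERE username = '" + username +
           "' AND password = '" + password + "'")
    return db.execute(sql).fetchone() is not None

def login_parameterized(db, username, password):
    # Hardened pattern: values are bound as data and never parsed as SQL.
    sql = "SELECT id FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (username, password)).fetchone() is not None

def render_search_raw(category):
    # Vulnerable pattern: the request parameter is reflected unencoded.
    return '<input name="category" value="' + category + '">'

def render_search_encoded(category):
    # Hardened pattern: encode for the HTML attribute context on output.
    return '<input name="category" value="' + html.escape(category, quote=True) + '">'

if __name__ == "__main__":
    db = make_db()
    print("concatenated query accepts bypass string:",
          login_concatenated(db, BYPASS, BYPASS))
    print("parameterized query accepts bypass string:",
          login_parameterized(db, BYPASS, BYPASS))
    print("raw reflection:    ", render_search_raw(XSS))
    print("encoded reflection:", render_search_encoded(XSS))
```

The same two checks work as regression tests after a fix: the login must reject the quoted string in both fields, and the search page must return the pattern only in entity-encoded form.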

References:

http://xforce.iss.net/xforce/xfdb/58189
http://xforce.iss.net/xforce/xfdb/58127
http://www.securityfocus.com/bid/39745
http://www.exploit-db.com/exploits/12395
http://secunia.com/advisories/39622
http://packetstormsecurity.org/1004-exploits/aps-sqlxss.txt



Copyright 2024, cxsecurity.com

 
