DMXready Polling Booth Manager SQL Injection

Risk: High
Local: No
Remote: Yes

CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: Not required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

Author: L0rd CrusAd3r aka VSN []
Exploit Title: DMXready Polling Booth Manager SQLi Vulnerability
Vendor url:
Version: 1
Price: 79$
Published: 2010-09-6

Thanx to: r0073r (, Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j, The_Exploited, SeeMe, gunslinger_, Th3 RDX.
Greetz to: Inj3ct0r Exploit DataBase ( , , members and my friends :) etc....
Special Greetz: , inj3ct0r Team
Shoutzz: To all ICW & Inj3ct0r members.

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Description:

DMXReady Polling Booth Manager is a quick and fun way to make your website more interactive:

* Change your poll daily, weekly, monthly -- whenever you like!
* Find out what people think of you and your services, or post it just for fun
* Auto-archive old polls and results
* Add multiple answer selections
* Allow visitors to view results directly from the poll page
* Doesn't allow visitors to vote more than once
* Add images, question, and optional description of the poll
* Add, edit, delete, or deactivate any poll through one Admin page
* Fully customizable - change the layout to match your website design

DMXReady Polling Booth Manager keeps all your web content fresh, and is a great way to find out what your visitors think!

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability: SQL Injection

DEMO URL: http://server/inc_pollingboothmanager.asp?view=results&QuestionID=[sqli]

# 0day n0 m0re #
# L0rd CrusAd3r #

--
With R3gards,
L0rd CrusAd3r
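As an added defender-side example that is not part of the advisory, the Python below scans IIS W3C log lines for requests to the script named in the DEMO URL whose QuestionID value is not a plain integer (an allowlist check, so it needs no injection signatures). The W3C field layout, the log lines and the addresses in them are constructed assumptions, not data from any real server.

```python
import re
from urllib.parse import parse_qs

# Field order assumed for the constructed W3C lines below (a subset of the IIS default):
W3C_FIELDS = ["date", "time", "s-ip", "cs-method", "cs-uri-stem",
              "cs-uri-query", "c-ip", "sc-status"]
TARGET_STEM = "/inc_pollingboothmanager.asp"  # script named in the advisory's demo URL
INTEGER = re.compile(r"^\d{1,10}$")  # allowlist: a real QuestionID is a plain integer

# Constructed sample log (not from any real server); line 2 carries a quote, line 4 junk text.
SAMPLE_LOG = """\
2010-09-06 10:00:01 10.0.0.5 GET /inc_pollingboothmanager.asp view=results&QuestionID=12 192.0.2.10 200
2010-09-06 10:00:07 10.0.0.5 GET /inc_pollingboothmanager.asp view=results&QuestionID=12%27 192.0.2.77 500
2010-09-06 10:00:09 10.0.0.5 GET /index.asp - 192.0.2.10 200
2010-09-06 10:00:15 10.0.0.5 GET /inc_pollingboothmanager.asp view=results&questionid=12abc 192.0.2.77 200
"""

def parse_line(line):
    """Split one W3C line into a dict; IIS writes '-' for an empty field."""
    parts = line.split(" ")
    if len(parts) != len(W3C_FIELDS):
        return None
    return dict(zip(W3C_FIELDS, parts))

def question_id_anomaly(record):
    """Return the decoded QuestionID value that fails the allowlist, or None if clean."""
    if record["cs-uri-stem"].lower() != TARGET_STEM or record["cs-uri-query"] == "-":
        return None
    params = parse_qs(record["cs-uri-query"], keep_blank_values=True)  # percent-decodes values
    for name, values in params.items():
        if name.lower() != "questionid":  # ASP's Request.QueryString is case-insensitive
            continue
        for value in values:
            if not INTEGER.match(value):
                return value
    return None

def scan_log(text):
    """Return (client_ip, status, bad_value) for every request that fails the allowlist."""
    hits = []
    for line in text.splitlines():
        if not line or line.startswith("#"):  # IIS directive lines start with '#'
            continue
        rec = parse_line(line)
        if rec is not None:
            bad = question_id_anomaly(rec)
            if bad is not None:
                hits.append((rec["c-ip"], rec["sc-status"], bad))
    return hits
```

Running `scan_log(SAMPLE_LOG)` reports the two requests from 192.0.2.77; the same integer allowlist applied server-side before the value reaches the query is the direct mitigation for this class of bug.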


