Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title: DMXready Polling Booth Manager SQLi Vulnerability
Vendor url: http://www.dmxready.com
Version: 1
Price: 79$
Published: 2010-09-6
Thanx to: r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat, Sai, KD, M4n0j, The_Exploited, SeeMe, gunslinger_, Th3 RDX.
Greetz to: Inj3ct0r Exploit DataBase (inj3ct0r.com), 0xr00t.com, members and my friends :) etc....
Special Greetz: Topsecure.net, inj3ct0r Team, Andhrahackers.com
Shoutzz:- To all ICW & Inj3ct0r members.

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Description:

DMXReady Polling Booth Manager is a quick and fun way to make your website more interactive:

* Change your poll daily, weekly, monthly -- whenever you like!
* Find out what people think of you and your services, or post it just for fun
* Auto-archive old polls and results
* Add multiple answer selections
* Allow visitors to view results directly from the poll page
* Doesn't allow visitors to vote more than once
* Add images, question, and optional description of the poll
* Add, edit, delete, or deactivate any poll through one Admin page
* Fully customizable - change the layout to match your website design

DMXReady Polling Booth Manager keeps all your web content fresh, and is a great way to find out what your visitors think!

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*SQL Vulnerability

DEMO URL:

http://server/inc_pollingboothmanager.asp?view=results&QuestionID=[sqli]

# 0day n0 m0re #
# L0rd CrusAd3r #

--
With R3gards,
L0rd CrusAd3r
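
Added example, not part of the original advisory and not vendor code: a log check a site operator can run over IIS W3C logs to find requests to inc_pollingboothmanager.asp whose QuestionID is not a plain integer. It assumes QuestionID is meant to be a numeric poll ID; the sample log lines and the suspicious_requests helper are constructed for illustration.

```python
import re
from urllib.parse import parse_qsl

TARGET = "/inc_pollingboothmanager.asp"   # page named in the advisory
PARAM = "questionid"                      # parameter named in the advisory
NUMERIC = re.compile(r"\d{1,10}")         # assumption: IDs are plain integers

# Constructed sample log in IIS W3C extended format (not real traffic).
SAMPLE_LOG = """\
#Fields: date time cs-method cs-uri-stem cs-uri-query c-ip sc-status
2010-09-06 10:00:01 GET /inc_pollingboothmanager.asp view=results&QuestionID=7 192.0.2.10 200
2010-09-06 10:00:05 GET /inc_pollingboothmanager.asp view=results&QuestionID=7%27 192.0.2.66 500
2010-09-06 10:00:09 GET /Inc_PollingBoothManager.asp view=results&questionid=abc 192.0.2.66 200
2010-09-06 10:00:12 GET /default.asp QuestionID=abc 192.0.2.10 200
2010-09-06 10:00:15 GET /inc_pollingboothmanager.asp view=results&QuestionID=3&QuestionID=x 192.0.2.67 200
2010-09-06 10:00:20 GET /inc_pollingboothmanager.asp - 192.0.2.10 200
"""

def suspicious_requests(log_text):
    """Return (client_ip, decoded_value) for each non-numeric QuestionID sent to TARGET."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]      # column names for the rows that follow
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split()))
        # IIS paths and ASP parameter names are case-insensitive.
        if row.get("cs-uri-stem", "").lower() != TARGET:
            continue
        query = row.get("cs-uri-query", "-")
        if query == "-":                   # IIS logs "-" for an empty query string
            continue
        # parse_qsl URL-decodes values and keeps repeated parameters.
        for name, value in parse_qsl(query, keep_blank_values=True):
            if name.lower() == PARAM and not NUMERIC.fullmatch(value):
                hits.append((row.get("c-ip", "?"), value))
    return hits

if __name__ == "__main__":
    for ip, value in suspicious_requests(SAMPLE_LOG):
        print(f"{ip} sent non-numeric QuestionID: {value!r}")
```

The same integer-only rule belongs in the page itself: convert QuestionID to an integer and pass it as a bound query parameter instead of concatenating it into the SQL string.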