| lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
|
Open Source and information security mailing list archives
| ||
|
Message-ID: <CAC=6x+rkQWRU_Jk6+bX+s2=aQFAwukp01Pyb0BwnsNU_ByXUTg@mail.gmail.com> Date: Fri, 4 Nov 2011 02:17:47 +0000 From: Yassin Aboukir <01xp01@...il.com> To: full-disclosure@...ts.grok.org.uk Subject: Advanced Poll 2.02 SQL Injection Vulnerability ############################################################################################################## [+] Title : Advanced Poll 2.02 SQL Injection Vulnerability [+] Affected Version : v2.02 [+] Software Link : http://www.electrolized.free.fr/scripts-php/pollphp.zip [+] Tested on : Windows 7 <Firefox> [+] Date : 15/10/2011 [+] Dork : “inurl:/db/admin intitle:Advanced Poll 2.02” [+] Category : Webapps [+] Severity : High [+] Author : Yassin Aboukir [+] Site : http://www.yaboukir.com ############################################################################################################### [+] About the software : Sondage très puissant, gestion de plusieurs sondage, interface d'administration. Ce script utilise soit un fichier texte soit une base de donnée. [+] How that can be exploited : http://localhost/path/db/db/popup.php?action=results&poll_ident=1 [SQL Me] [+] Fix : upgrade to last release. _______________________________________________ Full-Disclosure - We believe in it. Charter: http://lists.grok.org.uk/full-disclosure-charter.html Hosted and sponsored by Secunia - http://secunia.com/
Powered by blists - more mailing lists