Advanced Poll 2.02 SQL Injection Vulnerability

vendor:

Advanced Poll 2.02

by:

Yassin Aboukir

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Advanced Poll 2.02

Affected Version From: v2.02

Affected Version To: v2.02

Patch Exists: YES

Related CWE: N/A

CPE: N/A

Metasploit: N/A

Other Scripts: N/A

Tags: N/A

CVSS Metrics: N/A

Nuclei References: N/A

Nuclei Metadata: N/A

Platforms Tested: Windows 7

2011

Advanced Poll 2.02 SQL Injection Vulnerability

An attacker can exploit this vulnerability by sending a crafted SQL query to the vulnerable application. This can be done by sending a specially crafted HTTP request to the vulnerable application. The vulnerable parameter is ‘poll_ident’ which is not properly sanitized before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code. Successful exploitation of this vulnerability can allow an attacker to gain access to sensitive information from the database.

Mitigation:

Upgrade to the latest version of the application.

Source

Exploit-DB raw data:

##############################################################################################################
[+] Title              :  Advanced Poll 2.02 SQL Injection Vulnerability
[+] Affected Version   :  v2.02
[+] Software Link      :  http://www.electrolized.free.fr/scripts-php/pollphp.zip
[+] Tested on          :  Windows 7 <Firefox>
[+] Date               :  15/10/2011
[+] Dork               :  inurl:/db/admin intitle:Advanced Poll 2.02
[+] Category           :  Webapps
[+] Severity           :  High
[+] Author             :  Yassin Aboukir
[+] Site               :  http://www.yaboukir.com
###############################################################################################################

[+] About the software :  Sondage très puissant, gestion de plusieurs sondage, interface  d'administration.
 Ce script utilise soit un fichier texte soit une base de donnée. 

[+] How that can be exploited :

                http://localhost/path/db/db/popup.php?action=results&poll_ident=1 [SQL Me]

[+] Fix :  upgrade to last release.