header-logo
Suggest Exploit
vendor:
Smart ASP Survey
by:
L0rd CrusAd3r
7,4
CVSS
HIGH
SQL Injection & XSS
89
CWE
Product Name: Smart ASP Survey
Affected Version From: n/a
Affected Version To: n/a
Patch Exists: YES
Related CWE: CVE-2010-2245
CPE: a:sellatsite:smart_asp_survey
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: n/a
2010

Smart ASP Survey SQL & XSS Vulnerable

Smart ASP Survey is prone to an SQL injection vulnerability and a cross-site scripting vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query. An attacker can exploit these issues to manipulate SQL queries, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database. An attacker can also exploit this issue to execute arbitrary HTML and script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Mitigation:

The vendor has released a patch to address this issue. Users are advised to upgrade to the latest version of Smart ASP Survey.
Source

Exploit-DB raw data:

1-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-0
0 _ __ __ __ 1
1 /' \ __ /'__`\ /\ \__ /'__`\ 0
0 /\_, \ ___ /\_\/\_\ \ \ ___\ \ ,_\/\ \/\ \ _ ___ 1
1 \/_/\ \ /' _ `\ \/\ \/_/_\_<_ /'___\ \ \/\ \ \ \ \/\`'__\ 0
0 \ \ \/\ \/\ \ \ \ \/\ \ \ \/\ \__/\ \ \_\ \ \_\ \ \ \/ 1
1 \ \_\ \_\ \_\_\ \ \ \____/\ \____\\ \__\\ \____/\ \_\ 0
0 \/_/\/_/\/_/\ \_\ \/___/ \/____/ \/__/ \/___/ \/_/ 1
1 \ \____/ >> Exploit database separated by exploit 0
0 \/___/ type (local, remote, DoS, etc.) 1
1 1
0 [+] Site : Inj3ct0r.com 0
1 [+] Support e-mail : submit[at]inj3ct0r.com 1
0 0
1 ########################################## 1
0 I'm L0rd CrusAd3r member from Inj3ct0r Team 1
1 ########################################## 0
0-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-=-==-=-=-=-=-=-=-=-=-=1
Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title:Smart ASP Survey SQL & XSS Vulnerable
Vendor url:http://www.sellatsite.com
Version:n/a
Published: 2010-06-15
Greetz to:Sid3^effects, MaYur, M4n0j, Dark Blue, S1ayer,d3c0d3r,KD and to
all ICW members.
Spl Greetz to:inj3ct0r.com Team, Andhrahackers.com

~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Description:

Smart ASP Survey is an easy-to-use application that provides your poll
results. Simply login to your admin panel and generate surveys.
Administrators can work from their browsers, any time, from anywhere. And,
there are no limits to the types of questions you can ask, how many polls
are stored in your archives, or how many optional answers to your poll
question. Simply login to admin start creating your surveys.

Features:

* Powerful Admin
* Upload your own logo.
* Add your own categories.
* Add/Edit/Delete Questions
* Add/Edit/Delete Answers
* Graphical Results
* Website Redirection on Survey Exit.
* User friendly Control panel.
* Complete Survey Record.
* Setup Site from Admin panel.


~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*SQLi Vulnerability

DEMO URL :http://server/poll/default.asp?catid=[sqli]

*XSS Vulnerable

Parameter:'"-->

DEMO URl:http://server/poll/default.asp?catid=

# 0day n0 m0re #
# L0rd CrusAd3r #

-- 
With R3gards,
L0rd CrusAd3r

Navigation

Suggest Exploit

Services By CQR