DMXready Polling Booth Manager - SQL Injection

2010-09-05T00:00:00
ID EXPLOITPACK:8C89EB3C5AEB82CB67D40E83F51A8FB5
Type exploitpack
Reporter L0rd CrusAd3r
Modified 2010-09-05T00:00:00

Description

DMXready Polling Booth Manager - SQL Injection

                                        
                                            Author: L0rd CrusAd3r aka VSN [crusader_hmg@yahoo.com]
Exploit Title: DMXready Polling Booth Manager SQLi Vulnerability
Vendor url:http://www.dmxready.com
Version:1
Price:79$
Published: 2010-09-6
GThanx to:r0073r (inj3ct0r.com), Sid3^effects, MaYur, MA1201, Sonic Bluehat,
Sai, KD, M4n0j, The_Exploited, SeeMe, gunslinger_, Th3 RDX.
Greetz to : Inj3ct0r Exploit DataBase (inj3ct0r.com) , 0xr00t.com , members
and my friends :) etc....
Special Greetz: Topsecure.net, inj3ct0r Team ,Andhrahackers.com
Shoutzz:- To all ICW & Inj3ct0r members.
~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~
Description:

DMXReady Polling Booth Manager is a quick and fun way to make your website
more interactive:

    * Change your poll daily, weekly, monthly -- whenever you like!
    * Find out what people think of you and your services, or post it just
for fun
    * Auto-archive old polls and results
    * Add multiple answer selections
    * Allow visitors to view results directly from the poll page
    * Doesn't allow visitors from voting more than once
    * Add images, question, and optional description of the poll
    * Add, edit, delete, or deactiviate any poll through one Admin page
    * Fully customizable - change the layout to match your website design

DMXReady Polling Booth Manager keeps all your web content fresh, and is a
great way to find out what your visitors think!


~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~~*~*~*~*~*~*~

Vulnerability:

*SQL Vulnerability

DEMO URL:

http://server/inc_pollingboothmanager.asp?view=results&QuestionID=[sqli]


# 0day n0 m0re #
# L0rd CrusAd3r #

-- 
With R3gards,
L0rd CrusAd3r