Advanced Poll include/class_poll.php HTTP User-Agent Header SQL Injection

2006-05-01T06:17:37
ID OSVDB:25167
Type osvdb
Reporter Aliaksandr Hartsuyeu (alex@evuln.com)
Modified 2006-05-01T06:17:37

Description

Vulnerability Description

Advanced Poll contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the include/call_poll.php script not properly sanitizing user-supplied input to the 'User-Agent' HTTP header field. This may allow an attacker to inject or manipulate SQL queries in the backend database.

Technical Description

This vulnerability is only present when the magic_quotes_gpc PHP option is 'off'.
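The following PHP snippet is an added illustration of the bug class this advisory describes; it is not code from Advanced Poll or from the reporter. It places the unsafe pattern (the User-Agent header concatenated into an SQL string, so that with magic_quotes_gpc off a quote character in the header is never escaped) beside a parameterised query that is safe regardless of that setting. The table name poll_log, its columns, the mysqli connection and the PHP 7 null-coalescing operator are assumptions made for the example.

```php
<?php
// Added example, not Advanced Poll's own code. Table `poll_log` and its
// columns (poll_id, user_agent) are assumed for illustration.

// VULNERABLE pattern: the header value is interpolated into the SQL text.
// With magic_quotes_gpc off nothing escapes a quote in the header, so the
// database parses attacker-controlled bytes as part of the statement.
function log_vote_unsafe(mysqli $db, int $pollId): bool
{
    $ua = $_SERVER['HTTP_USER_AGENT'] ?? '';
    return (bool) $db->query(
        "INSERT INTO poll_log (poll_id, user_agent) VALUES ($pollId, '$ua')"
    );
}

// FIXED pattern: a prepared statement binds the header as data. The value
// can never change the structure of the query, whatever magic_quotes_gpc
// is set to, and the length cap keeps oversized headers out of the table.
function log_vote_safe(mysqli $db, int $pollId): bool
{
    $ua = $_SERVER['HTTP_USER_AGENT'] ?? '';
    $ua = substr($ua, 0, 255);

    $stmt = $db->prepare(
        'INSERT INTO poll_log (poll_id, user_agent) VALUES (?, ?)'
    );
    if ($stmt === false) {
        return false;
    }
    // 'i' = integer poll id, 's' = string user agent
    $stmt->bind_param('is', $pollId, $ua);
    $ok = $stmt->execute();
    $stmt->close();
    return $ok;
}
```

The point the advisory makes about magic_quotes_gpc is that the application was relying on a global PHP setting to escape input it never escaped itself; binding parameters removes that dependency entirely, which is why prepared statements rather than re-enabling magic_quotes_gpc (removed in PHP 5.4) are the durable fix for this class of issue.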

Solution Description

Currently, there are no known upgrades, patches, or workarounds available to correct this issue.

Short Description

Advanced Poll contains a flaw that may allow an attacker to carry out an SQL injection attack. The issue is due to the include/call_poll.php script not properly sanitizing user-supplied input to the 'User-Agent' HTTP header field. This may allow an attacker to inject or manipulate SQL queries in the backend database.

References:

Vendor URL: http://proxy2.de/scripts.php
Secunia Advisory ID: 19899
Related OSVDB ID: 25168
Other Advisory URL: http://evuln.com/vulns/131/
Keyword: EV0131
ISS X-Force ID: 26152
FrSIRT Advisory: ADV-2006-1603
CVE: CVE-2006-2130