DreamPoll SQL inj.

Type securityvulns
Reporter Securityvulns
Modified 2005-12-14T00:00:00


DreamPoll SQL inj.

Vuln. dicovered by : r0t Date: 14 dec. 2005 orginal advisory:http://pridels.blogspot.com/2005/12/dreampoll-sql-inj.html vendor:http://dreamlevels.com/dreampoll.php affected version: 3.0 final and prior

Product Description: DreamPoll is an enhanced version of Advanced Poll Builder for webmasters who handle the medium/big websites. It is extremely HANDY TO USE, have nice admin panel, 3-STEPS VISUAL WIZARD to create the POLL and customize the Design. It has all the features of Advanced Poll Builder 1.2, like "COLOR PICKER/Wizard", "Prevent Multiple Votes per IP/ Computer", "Results Statistics" and more [click "visit" for full features list] + 2 more new very useful ones: 1) Default Poll – this allows you to easily set the [default poll]. If you have a lot of html or other pages on your site where you want to place the same poll and want to easily switch between the existent polls so it will automatically starts showing current default poll on all the pages, this feature will save your time. You do not need to change the html code every time you want to show another poll on your pages; 2) Now the results can be shown right on the poll box.

Vuln. Description: DreamPoll contains a flaw that allows a remote sql injection attacks.Input passed to the "id" parameter in "view_Results.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code

example: /view_Results.php?id=[SQL]

Solution: Edit the source code to ensure that input is properly sanitised.