by r0t,der4444,cembo,VietMafia

Wednesday, November 23, 2005

Vote! Pro 4.x "poll_id" Sql inj.

Vuln. discovered by: r0t
Date: 23 nov. 2005
Product link:
Affected version: 4.x and prior.

Product Description:
Vote! Pro 4.0 is a PHP survey and voting poll solution. Unbelievable functionality and a mass of useful functions in this PHP voting script will give your work special comfort. Flexible and fully-functional survey and voting engine for any type of web site. Easy to install and customize PHP survey script.

Vuln Description:
Input passed to the "poll_id" parameter in "poll_frame.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.


Edit the source code to ensure that input is properly sanitised.
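
One way to apply this fix, shown as an added example that is not from the advisory or from Vote! Pro's source: validate "poll_id" as a positive integer and pass it to the database as a bound parameter. The function name `fetch_poll`, the `polls` table and its columns are hypothetical, and the sample data is constructed; PHP 8 with PDO SQLite is assumed.

```php
<?php
declare(strict_types=1);

// Added example. Table, column and function names are hypothetical,
// not taken from Vote! Pro's source. Requires PHP 8 and pdo_sqlite.
//
// General shape of the flaw the advisory describes (assumed, not the real code):
//   "SELECT ... FROM polls WHERE id = " . $_GET['poll_id']
// The request value becomes part of the SQL text.

/**
 * Validate poll_id and look the poll up with a bound parameter.
 * Returns the row, or null when the id is malformed or unknown.
 */
function fetch_poll(PDO $db, mixed $rawPollId): ?array
{
    // Reject arrays (poll_id[]=...), empty strings, signs, whitespace
    // and trailing text; cap the length so the integer cast cannot overflow.
    if (!is_string($rawPollId) || !ctype_digit($rawPollId) || strlen($rawPollId) > 9) {
        return null;
    }
    $pollId = (int) $rawPollId;
    if ($pollId < 1) {
        return null;
    }

    // Bound parameter: the value is sent separately from the SQL text.
    $stmt = $db->prepare('SELECT id, question FROM polls WHERE id = :id');
    $stmt->bindValue(':id', $pollId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database (runs offline).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE polls (id INTEGER PRIMARY KEY, question TEXT)');
$db->exec("INSERT INTO polls (id, question) VALUES (7, 'Constructed sample poll')");

// Constructed values standing in for $_GET['poll_id'].
foreach (['7', '8', '7abc', '', ' 7', '-7', ['7']] as $raw) {
    $poll = fetch_poll($db, $raw);
    printf("%-8s => %s\n", json_encode($raw), $poll ? $poll['question'] : 'rejected or not found');
}
```

Validation and binding are both applied on purpose: the integer check rejects malformed requests early, and the bound parameter keeps the query safe even if a later change loosens the check.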


Anonymous Anonymous told...

The program comes with less than one page of documentation and no help file within the program and the installation instructions were wrong. I would NOT recommend this program to my worst enemy. I have asked for a refund because I could not get the program to work and it was denied.........

10:49 AM


Copyright (c) 2006 Pridels Sec Crew