by r0t,der4444,cembo,VietMafia

Wednesday, December 14, 2005

DreamPoll SQL inj.

DreamPoll SQL inj.

Vuln. dicovered by : r0t
Date: 14 dec. 2005
vendor:http://dreamlevels.com/dreampoll.php
affected version: 3.0 final and prior

Product Description:
DreamPoll is an enhanced version of Advanced Poll Builder for webmasters who handle the medium/big websites. It is extremely HANDY TO USE, have nice admin panel, 3-STEPS VISUAL WIZARD to create the POLL and customize the Design. It has all the features of Advanced Poll Builder 1.2, like "COLOR PICKER/Wizard", "Prevent Multiple Votes per IP/ Computer", "Results Statistics" and more [click "visit" for full features list] + 2 more new very useful ones: 1) Default Poll – this allows you to easily set the [default poll]. If you have a lot of html or other pages on your site where you want to place the same poll and want to easily switch between the existent polls so it will automatically starts showing current default poll on all the pages, this feature will save your time. You do not need to change the html code every time you want to show another poll on your pages; 2) Now the results can be shown right on the poll box.


Vuln. Description:
DreamPoll contains a flaw that allows a remote sql injection attacks.Input passed to the "id" parameter in "view_Results.php" isn't properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code

example:
/view_Results.php?id=[SQL]


Solution:
Edit the source code to ensure that input is properly sanitised.

1 Comments:

Anonymous Anonymous told...

How can it be used to break anything? It seems the only hack that can be applied is viewing the results of another poll. But it seems not an issue since there is no private polls.

6:14 PM

 

Post a Comment

<< Home

 
Copyright (c) 2006 Pridels Sec Crew