CVE-2010-1703

2daybiz Polls Script - Cross-Site Scripting via Category Parameter or Search Field

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2010-1703. PoCs published by Sid3^effects.

AI-analyzed exploit summary This writeup describes an authentication bypass and XSS vulnerability in Advanced Poll Script. The authentication bypass uses SQL injection with ' or 1=1 or ''=' in login fields, while the XSS is triggered via the search field with the payload '"-->. No exploit code is provided, only attack patterns and demo URLs.

Description

Multiple cross-site scripting (XSS) vulnerabilities in index_search.php in 2daybiz Polls (aka Advanced Poll) Script allow remote attackers to inject arbitrary web script or HTML via the (1) category parameter or (2) search field.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Sid3^effects · textwebappsphp

https://www.exploit-db.com/exploits/12395

View Code ZIP pw:eip

This writeup describes an authentication bypass and XSS vulnerability in Advanced Poll Script. The authentication bypass uses SQL injection with ' or 1=1 or ''=' in login fields, while the XSS is triggered via the search field with the payload '"-->. No exploit code is provided, only attack patterns and demo URLs.

Classification

Writeup 90%

Attack Type

Sqli | Xss | Auth Bypass

Complexity

Trivial

Reliability

Reliable

Target: Advanced Poll Script (version not specified)

No auth needed

Prerequisites: Access to the login or search page of the vulnerable application

MITRE ATT&CK