Ethical Hacking

Learn to find vulnerabilities before the bad guys do! Gain real world hands on hacking experience in our state of the art hacking lab. Course designed and taught by expert instructors with years of penetration testing experience. 12 student maximum in every class. Certification attempt included in every package.
Computer Forensics Training at InfoSec Institute

Gain the in-demand skills of a certified computer examiner, learn to recover trace data left behind by fraud, theft, and cybercrime perpetrators. Discover the source of computer crime and abuse at your organization so that it never happens again. All of our class sizes are guaranteed to be 12 students or less to facilitate one-on-one interaction with one of our expert instructors.




Network Security Bugtraq
[Top] [All Lists]
<prev [Date] next>
[Advanced]
 <prev [Thread] next>

[KAPDA::#56] - FREEKOT SQL Injection Vulnerability

from [farhadkey] Network Security [Permanent Link]
Subject: [KAPDA::#56] - FREEKOT SQL Injection Vulnerability
Date: 30 Aug 2006 11:53:30 -0000 
KAPDA New advisory

Vendor: http://www.digiappz.com
Vulnerability: SQL_Injection

Date :
--------------------
Found : Aug 10, 2006
Vendor Contacted : N/A
Release Date : Aug 30, 2006

About Freekot :
--------------------
FREEKOT is a free tool which allows you to insert a random quotation system or 
a quote of the day in your website.

Vulnerability:
--------------------
SQL_Injection:
Input passed to the "login" and "password" parameters when logging into the 
administration section isn't properly sanitised before being used in a SQL 
query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

PoC:
--------------------
http://www.kapda.ir/attach-1996-xpl_freekot.htm

Solution:
--------------------
No patch`s released yet by vendor.

Original Advisory:
--------------------
http://www.kapda.ir/advisory-410.html

Credit :
--------------------
FarhadKey of KAPDA
farhadkey [at} kapda <d0t> ir
Kapda - Security Science Researchers Insitute of Iran
http://www.KAPDA.ir
[More messages with this same subject...]




<Prev in Thread] Current Thread [Next in Thread>
  • [KAPDA::#56] - FREEKOT SQL Injection Vulnerability, farhadkey <=
Previous by Date:  XSS in HLstats 1.34, MC Iglo
Next by Date:  Re: JetBox cms (search_function.php) Remote File Include, Carsten Eilers
Previous by Thread:  XSS in HLstats 1.34, MC Iglo
Next by Thread:  ezContents Version 2.0.3 Remote/Local File Inclusion, SQL Injection, XSS, gmdarkfig
Indexes:  [Date] [Thread] [Top] [All Lists]