Computer Security

Security Advisory: [KAPDA::#56] - FREEKOT SQL Injection Vulnerability
back  news / advisories / forum / software / advertising / search / exploits  forward
[EN] securityvulns.ru
no-pyccku



Related information

  Daily web applications security vulnerabilities summary (PHP, ASP, JSP, CGI, Perl)

  [ECHO_ADV_46$2006] ExBB v1.9.1 (exbb[home_path])
Multiple Remote File Inclusion

  [SA21659] CubeCart Multiple Vulnerabilities

  phpAtm <= 1.21 (include_location
) Remote File Include Vulnerabilities

  YACS CMS <= 6.6.1 context[path_to_root]
Remote File Include Vuln

From:farhad koosha <farhadkey_(at)_yahoo.com>
Date:31.08.2006
Subject:[KAPDA::#56] - FREEKOT SQL Injection Vulnerability

KAPDA New advisory

Vendor: http://www.digiappz.com
Vulnerability: SQL_Injection

Date :
--------------------
Found : Aug 10, 2006
Vendor Contacted : N/A
Release Date : Aug 30, 2006

About Freekot :
--------------------
FREEKOT is a free tool which allows you to insert a random quotation system or a quote of the day in your website.

Vulnerability:
--------------------
SQL_Injection:
Input passed to the "login" and "password" parameters when logging into the administration section isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

PoC:
--------------------
http://www.kapda.ir/attach-1996-xpl_freekot.htm

Solution:
--------------------
No patch`s released yet by vendor.

Original Advisory:
--------------------
http://www.kapda.ir/advisory-410.html

Credit :
--------------------
FarhadKey of KAPDA
farhadkey [at} kapda <d0t> ir
Kapda - Security Science Researchers Insitute of Iran
http://www.KAPDA.ir

About | Terms of use | Privacy Policy
© SecurityVulns, 3APA3A, Vladimir Dubrovin
Nizhny Novgorod

 
 


Rating@Mail.ru