Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline
securityvulnsSecurityvulnsSECURITYVULNS:DOC:14096
HistoryAug 31, 2006 - 12:00 a.m.

[KAPDA::#56] - FREEKOT SQL Injection Vulnerability

2006-08-3100:00:00
vulners.com
26
JSON

KAPDA New advisory

Vendor: http://www.digiappz.com
Vulnerability: SQL_Injection

Date :

Found : Aug 10, 2006
Vendor Contacted : N/A
Release Date : Aug 30, 2006

About Freekot :

FREEKOT is a free tool which allows you to insert a random quotation system or a quote of the day in your website.

Vulnerability:

SQL_Injection:
Input passed to the "login" and "password" parameters when logging into the administration section isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

PoC:

http://www.kapda.ir/attach-1996-xpl_freekot.htm

Solution:

No patch`s released yet by vendor.

Original Advisory:

http://www.kapda.ir/advisory-410.html

Credit :

FarhadKey of KAPDA
farhadkey [at} kapda <d0t> ir
Kapda - Security Science Researchers Insitute of Iran
http://www.KAPDA.ir

JSON