Date: 30 Aug 2006 11:53:30 -0000
From: [email protected]
To: [email protected]Subject: [KAPDA::#56] - FREEKOT SQL Injection Vulnerability
X-Virus-Scanned: antivirus-gw at tyumen.ru
KAPDA New advisory
Vendor: http://www.digiappz.com
Vulnerability: SQL_Injection
Date :
--------------------
Found : Aug 10, 2006
Vendor Contacted : N/A
Release Date : Aug 30, 2006
About Freekot :
--------------------
FREEKOT is a free tool which allows you to insert a random quotation system or a quote of the day in your website.
Vulnerability:
--------------------
SQL_Injection:
Input passed to the "login" and "password" parameters when logging into the administration section isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
PoC:
--------------------
http://www.kapda.ir/attach-1996-xpl_freekot.htm
Solution:
--------------------
No patch`s released yet by vendor.
Original Advisory:
--------------------
http://www.kapda.ir/advisory-410.html
Credit :
--------------------
FarhadKey of KAPDA
farhadkey [at} kapda <d0t> ir
Kapda - Security Science Researchers Insitute of Iran
http://www.KAPDA.ir
