"wsnuser" Cookie SQL Injection vulnerability in WSN Guest

2011-02-23 / 2011-02-24
Credit: Aliaksandr Hartsuyeu
Risk: High
Local: No
Remote: Yes
CVE: CVE-2011-1060
CWE: CWE-89


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

www.eVuln.com advisory: "wsnuser" Cookie SQL Injection vulnerability in WSN Guest -----------Summary----------- http://evuln.com/vulns/174/summary.html eVuln ID: EV0174 Software: WSN Guest Vendor: n/a Version: 1.24 Critical Level: medium Type: SQL Injection Status: Unpatched. No reply from developer(s) PoC: Available Solution: Not available Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ ) --------Description-------- http://evuln.com/vulns/174/description.html SQL Injection in "wsnuser" Cookie It is possible to inject arbitrary SQL query using "wsnuser" cookie parameter in the "index.php" script. Parameter "wsnuser" is used in SQL query without proper sanitation. --------PoC/Exploit-------- PoC code is available at: http://evuln.com/vulns/174/exploit.html ---------Solution---------- Not available ----------Credit----------- Vulnerability discovered by Aliaksandr Hartsuyeu http://evuln.com/penetration-test.html - website manual penetration testing

References:

http://xforce.iss.net/xforce/xfdb/65527
http://www.securityfocus.com/bid/46444
http://www.securityfocus.com/archive/1/archive/1/516519/100/0/threaded
http://secunia.com/advisories/43374
http://evuln.com/vulns/174/summary.html


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top