WSN Guest version 1.24 suffers from a remote SQL injection vulnerability.
3721d9ddd4728ff543339e28099e00ef8a376eab430aa7b4befa266cec6786e8www.eVuln.com advisory:
"wsnuser" Cookie SQL Injection vulnerability in WSN Guest
-----------Summary-----------
http://evuln.com/vulns/174/summary.html
eVuln ID: EV0174
Software: WSN Guest
Vendor: n/a
Version: 1.24
Critical Level: medium
Type: SQL Injection
Status: Unpatched. No reply from developer(s)
PoC: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )
--------Description--------
http://evuln.com/vulns/174/description.html
SQL Injection in "wsnuser" Cookie
It is possible to inject arbitrary SQL query using "wsnuser" cookie parameter in the "index.php" script.
Parameter "wsnuser" is used in SQL query without proper sanitation.
--------PoC/Exploit--------
PoC code is available at:
http://evuln.com/vulns/174/exploit.html
Cookie SQL Injection Example
Cookie SQL Injection PoC. HTTP query:
GET /wsnguest/index.php?debug=1 HTTP/1.0
Host: website
Cookie: wsnuser=[SQL Injection]
---------Solution----------
Not available
----------Credit-----------
Vulnerability discovered by Aliaksandr Hartsuyeu
http://evuln.com/penetration-test.html - website manual penetration testing
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed