WSN Guest 1.24 – ‘wsnuser’ Cookie SQL Injection

Exploit Database
125 阅读

作者： Aliaksandr Hartsuyeu

日期： 2011-02-18
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/35360/

source: https://www.securityfocus.com/bid/46444/info

WSN Guest is prone to an SQL-injection vulnerability because the application fails to properly sanitize user-supplied input before using it in an SQL query.

A successful exploit could allow an attacker to compromise the application, access or modify data, or exploit vulnerabilities in the underlying database.

WSN Guest 1.24 is vulnerable; other versions may also be vulnerable.

GET /wsnguest/index.php?debug=1 HTTP/1.0

Host: www.example.com

Cookie: wsnuser=[SQL Injection]

last Exploits
WSN Guest 1.24 – ‘wsnuser’ Cookie SQL Injection的更多信息

Pandora FMS 3.1 – Authentication Bypass：
Card Payment 1.0 – Cross-Site Request Forgery (Update Admin)：
KevinLAB BEMS 1.0 – Authentication Bypass：
RASPcalendar 1.01 (ASP) – Admin Login：
Joomla! Component My Files 1.0 – Local File Inclusion：
ZeroShell ‘cgi-bin/kerbynet’ – Local File Disclosure：
Online Enrollment Management System 1.0 – Authentication Bypass：
WordPress Plugin Car Park Booking – SQL Injection：