Multiple SQL inj in Wernhart Guestbook

Summary

Vulnerability
Multiple SQL inj in Wernhart Guestbook
Discovered
2010.11.17
Last Update
n/a n/a
ID
EV0149
CVE
n/a
Risk Level
low
Type
SQL Injection
Status
Unpatched. Vendor notified. No reply from developer(s).
Vendor
Carl A. Wernhart (http://www.wernhart.priv.at/)
Vulnerable Software
Wernhart Guestbook
Version
2001.03.28
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in Wernhart Guestbook script.

Multiple SQL inj
All user-defined parameters are not sanitized. Arbitrary SQL inj is possible. Vulnerable scripts: insert.phtml, select.phtml.
SQL inj condition:
magic_quotes_gpc = Off
register_globals: On

PoC/Exploit

Multiple SQL inj example
Here is 'union select' example:
http://website/guestbook/insert.phtml?LastName=' union select 1,2,3,4,5,6/*

Solution.

Solution for "Multiple SQL inj in Wernhart Guestbook" is not available. Check Carl A. Wernhart website for updates.