wsnuser Cookie SQL Injection vulnerability in WSN Guest

Summary

Vulnerability: wsnuser Cookie SQL Injection vulnerability in WSN Guest
Discovered: 2011.02.01
Last Update: n/a
ID: EV0174
CVE: CVE-2011-1060
Risk Level: medium
Type: SQL Injection
Status: Unpatched. Vendor notified. No reply from developer(s).
Vendor: n/a
Vulnerable Software: WSN Guest (http://www.webmastersite.net/?section=wsnguest)
Version: 1.24
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

A SQL injection vulnerability was found in the WSN Guest (http://www.webmastersite.net/?section=wsnguest) script.

SQL Injection in "wsnuser" Cookie
It is possible to inject an arbitrary SQL query through the wsnuser cookie parameter of the index.php script.

The wsnuser parameter is used in an SQL query without proper sanitization.
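How a cookie value can be kept out of the SQL text, shown as an added example that is not WSN Guest's code. The members table, its columns, the token format and the function names are hypothetical, and an in-memory SQLite database stands in for the application's database.

```php
<?php
// Added illustration, not WSN Guest source. The schema (members, id, name,
// token), the token format and the function names are hypothetical; SQLite
// in memory stands in for the application's database so this runs offline.

// Pattern the advisory describes: cookie data concatenated into the SQL text.
//   "SELECT id, name FROM members WHERE token = '" . $_COOKIE['wsnuser'] . "'"

function open_demo_db(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE members (id INTEGER PRIMARY KEY, name TEXT, token TEXT)');
    $db->exec("INSERT INTO members (name, token) VALUES ('alice', 'a1b2c3d4')");
    return $db;
}

// Layer 1: the value travels as a bound parameter, never as SQL text.
function lookup_by_token(PDO $db, string $token): ?array
{
    $stmt = $db->prepare('SELECT id, name FROM members WHERE token = :token');
    $stmt->execute([':token' => $token]);
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Layer 2: allow-list check on the cookie before it reaches the database.
// PHP turns "wsnuser[]=x" into an array, so the type is checked as well.
function member_from_cookie(PDO $db, $cookie): ?array
{
    if (!is_string($cookie) || !preg_match('/\A[A-Za-z0-9]{1,64}\z/', $cookie)) {
        return null;
    }
    return lookup_by_token($db, $cookie);
}

$db = open_demo_db();
// Constructed sample cookie values: valid token, token with SQL syntax, array.
$samples = ['a1b2c3d4', "a1b2c3d4' OR '1'='1", ['x']];
foreach ($samples as $v) {
    $bound = is_string($v) ? lookup_by_token($db, $v) : null;
    $checked = member_from_cookie($db, $v);
    printf("%-24s bound-only: %-9s validated: %s\n",
        json_encode($v), $bound['name'] ?? 'no match', $checked['name'] ?? 'no match');
}
```

In an application the call would be member_from_cookie($db, $_COOKIE['wsnuser'] ?? null); the bound parameter is the actual fix, and the format check is a second layer that depends on knowing the cookie's legitimate format.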

PoC/Exploit

Cookie SQL Injection Example

Cookie SQL Injection PoC. HTTP request:
GET /wsnguest/index.php?debug=1 HTTP/1.0
Host: website
Cookie: wsnuser=[SQL Injection]

Solution

A solution for "wsnuser Cookie SQL Injection vulnerability in WSN Guest" is not available. Check the vendor's website for updates.