wsnuser Cookie SQL Injection vulnerability in WSN Guest
- wsnuser Cookie SQL Injection vulnerability in WSN Guest
- Last Update
- n/a n/a
- Risk Level
- SQL Injection
- Unpatched. Vendor notified. No reply from developer(s).
- Vulnerable Software
- WSN Guest (http://www.webmastersite.net/?section=wsnguest)
- Not available
- Discovered by
- Aliaksandr Hartsuyeu (eVuln.com)
SQL Injection found in WSN Guest (http://www.webmastersite.net/?section=wsnguest) script.
- SQL Injection in "wsnuser" Cookie
- It is possible to inject arbitrary SQL query using wsnuser cookie parameter in the index.php script.
Parameter wsnuser is used in SQL query without proper sanitation.
Cookie SQL Injection Example
Cookie SQL Injection PoC. HTTP query:
GET /wsnguest/index.php?debug=1 HTTP/1.0
Cookie: wsnuser=[SQL Injection]
Solution for "wsnuser Cookie SQL Injection vulnerability in WSN Guest" is not available. Check vendor's website for updates.
Order Source Code Test
Protect your website or web application by source code review of your website made by our team.The work will be done by specialists in website security.