time SQL Injection vulnerability in WSN Guest

Summary

Vulnerability: time SQL Injection vulnerability in WSN Guest
Discovered: 2011.02.02
Last Update: n/a
ID: EV0175
CVE: CVE-2011-1061
Risk Level: medium
Type: SQL Injection
Status: Unpatched. Vendor notified. No reply from developer(s).
Vendor: n/a
Vulnerable Software: WSN Guest (http://www.webmastersite.net/?section=wsnguest)
Version: 1.24
PoC/Exploit: Available
Solution: Not available
Discovered by: Aliaksandr Hartsuyeu (eVuln.com)

Description

An SQL injection vulnerability was found in the WSN Guest (http://www.webmastersite.net/?section=wsnguest) script.

SQL Injection in "time" parameter
It is possible to inject an SQL expression through the time parameter of the memberlist.php script.

The time parameter is used in an SQL query without proper sanitization.

PoC/Exploit

SQL Injection Example

SQL Injection PoC:

http://website/wsnguest/memberlist.php?field=time%27&ascdesc=asc&perpage=25&debug=1

SQL expression injection is possible after the ORDER BY clause.
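Added example, not code from the advisory or from WSN Guest: the unsafe pattern the advisory describes (sort field and direction from the request concatenated into ORDER BY) beside an allowlist-based fix, run against a constructed SQLite table. The table name, columns and function names are assumptions; only the parameter names field, ascdesc and perpage come from the PoC URL.

```python
import sqlite3

# Constructed stand-in for a guestbook member list (assumption: not WSN Guest's real schema)
SCHEMA = "CREATE TABLE members (name TEXT, time INTEGER)"
ROWS = [("alice", 30), ("bob", 10), ("carol", 20)]

ALLOWED_FIELDS = {"name", "time"}        # columns a client may sort on
ALLOWED_DIRECTIONS = {"asc", "desc"}     # the only valid ORDER BY directions

def _connect():
    conn = sqlite3.connect(":memory:")
    conn.execute(SCHEMA)
    conn.executemany("INSERT INTO members VALUES (?, ?)", ROWS)
    return conn

def vulnerable_memberlist(field, ascdesc, perpage):
    """Mirrors the flawed pattern: request parameters are pasted into ORDER BY.
    A value such as "time'" reaches the SQL parser as-is, so the query fails
    (and with debug output enabled, the error is shown to the client)."""
    conn = _connect()
    sql = f"SELECT name FROM members ORDER BY {field} {ascdesc} LIMIT {perpage}"
    return [r[0] for r in conn.execute(sql)]

def safe_memberlist(field, ascdesc, perpage):
    """Hardened form: identifiers and keywords cannot be bound as parameters,
    so ORDER BY input is validated against an allowlist; LIMIT is bound."""
    if field not in ALLOWED_FIELDS:
        raise ValueError(f"unsupported sort field: {field!r}")
    if ascdesc not in ALLOWED_DIRECTIONS:
        raise ValueError(f"unsupported sort direction: {ascdesc!r}")
    conn = _connect()
    sql = f"SELECT name FROM members ORDER BY {field} {ascdesc} LIMIT ?"
    return [r[0] for r in conn.execute(sql, (int(perpage),))]

def demo():
    """Returns (vulnerable outcome, safe outcome) for the advisory's field=time' input."""
    try:
        vulnerable_memberlist("time'", "asc", "25")
        vuln_result = "query executed"
    except sqlite3.OperationalError as exc:
        vuln_result = f"SQL error: {exc}"          # leaked to the client under debug=1
    try:
        safe_memberlist("time'", "asc", "25")
        safe_result = "query executed"
    except ValueError as exc:
        safe_result = f"rejected before SQL: {exc}"  # never reaches the database
    return vuln_result, safe_result
```

demo() shows the same malformed input producing a database error in the first version and an input-validation error in the second; legitimate values such as field=time&ascdesc=asc work in both.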

Solution

A solution for "time SQL Injection vulnerability in WSN Guest" is not available. Check the vendor's website for updates.
