time SQL Injection vulnerability in WSN Guest

Summary

Vulnerability
time SQL Injection vulnerability in WSN Guest
Discovered
2011.02.02
Last Update
n/a n/a
ID
EV0175
CVE
CVE-2011-1061
Risk Level
medium
Type
SQL Injection
Status
Unpatched. Vendor notified. No reply from developer(s).
Vendor
n/a
Vulnerable Software
WSN Guest (http://www.webmastersite.net/?section=wsnguest)
Version
1.24
PoC/Exploit
Available
Solution
Not available
Discovered by
Aliaksandr Hartsuyeu (eVuln.com)

Description

SQL Injection found in WSN Guest (http://www.webmastersite.net/?section=wsnguest) script.

SQL Injection in "time" parameter
It is possible to inject SQL expression using time parameter in the memberlist.php script.

Parameter time is used in SQL query without proper sanitation.

PoC/Exploit

SQL Injection Example

SQL Injection PoC:

http://website/wsnguest/memberlist.php? field=time%27&ascdesc=asc&perpage=25&debug=1

SQL expression injection is possible after ORDER BY.

Solution.

Solution for "time SQL Injection vulnerability in WSN Guest" is not available. Check vendor's website for updates.