WSN Classifieds Multiple Cross Site Scripting and SQL Injection Vulnerabilities
BID:50892
Info
| Bugtraq ID: | 50892 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Dec 02 2011 12:00AM |
| Updated: | Dec 06 2011 07:07PM |
| Credit: | RandomStorm and Avram Marius Gabriel (d3v1l) |
| Vulnerable: | Paul Knierim WSN Software Directory 0; Paul Knierim WSN Shop 0; Paul Knierim WSN Knowledge Base 0; Paul Knierim WSN Gallery 0; Paul Knierim WSN Forum 0; Paul Knierim WSN Directory 0; Paul Knierim Classifieds 6.2.18; Paul Knierim Classifieds 6.2.12 |
| Not Vulnerable: | Paul Knierim WSN Software Directory 6.2.22, 6.2.20, 6.0.34, 5.1.64, 5.0.87; Paul Knierim WSN Shop 6.2.22, 6.2.20, 6.0.34, 5.1.64, 5.0.87; Paul Knierim WSN Knowledge Base 6.2.22, 6.2.20, 6.0.34, 5.1.64, 5.0.87; Paul Knierim WSN Gallery 6.2.22, 6.2.20, 6.0.34, 5.1.64, 5.0.87; Paul Knierim WSN Forum 6.2.22, 6.2.20, 6.0.34, 5.1.64, 5.0.87; Paul Knierim WSN Directory 6.2.22, 6.2.20, 6.0.34, 5.1.64, 5.0.87 |
Discussion
WSN Classifieds is prone to an SQL-injection vulnerability and multiple cross-site scripting vulnerabilities.
Exploiting these vulnerabilities allows an attacker to steal cookie-based authentication credentials, compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
WSN Classifieds 6.2.12 and 6.2.18 are vulnerable; other versions may also be affected.
Exploit / POC
Attackers can exploit these issues by enticing an unsuspecting user to follow a malicious URI.
The following example URIs are available:
Solution / Fix
Solution:
Updates are available. Please see the references for more information.
References
References:
- WSN Classifieds Homepage (Paul Knierim)