WSN Links 'report.php' SQL Injection Vulnerability
BID:51222
Info
WSN Links 'report.php' SQL Injection Vulnerability
| Bugtraq ID: | 51222 |
| Class: | Input Validation Error |
| CVE: | |
| Remote: | Yes |
| Local: | No |
| Published: | Jan 02 2012 12:00AM |
| Updated: | Jan 02 2012 12:00AM |
| Credit: | H4ckCity Security Team |
| Vulnerable: |
WSN Links WSN Links 6.2.25 WSN Links WSN Links 6.0.1 WSN Links WSN Links 5.1.51 WSN Links WSN Links 5.1.49 WSN Links WSN Links 5.0.81 WSN Links WSN Links 4.0.34P |
| Not Vulnerable: | |
Discussion
WSN Links 'report.php' SQL Injection Vulnerability
WSN Links is prone to a SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue can allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
WSN Links is prone to a SQL-injection vulnerability because it fails to sufficiently sanitize user-supplied data before using it in an SQL query.
Exploiting this issue can allow an attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database.
Exploit / POC
WSN Links 'report.php' SQL Injection Vulnerability
Attackers can use a browser to exploit this issue.
The following example URI is available:
http://www.example.com/links/report.php?id=[SQLi]
Attackers can use a browser to exploit this issue.
The following example URI is available:
http://www.example.com/links/report.php?id=[SQLi]
Solution / Fix
WSN Links 'report.php' SQL Injection Vulnerability
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].
Solution:
Currently, we are not aware of any vendor-supplied patches. If you feel we are in error or if you are aware of more recent information, please mail us at: [email protected].