packetstorm | Aliaksandr Hartsuyeu | PACKETSTORM:96247
Dec 01, 2010 - 12:00 a.m.

Wernhart Guestbook SQL Injection

packetstormsecurity.com
`New eVuln Advisory:  
Multiple SQL injections in Wernhart Guestbook  
Summary: http://evuln.com/vulns/149/summary.html   
Details: http://evuln.com/vulns/149/description.html   
  
-----------Summary-----------  
eVuln ID: EV0149  
Software: Wernhart Guestbook  
Vendor: Carl A. Wernhart  
Version: 2001.03.28  
Critical Level: low  
Type: SQL Injection  
Status: Unpatched. No reply from developer(s)  
PoC: Available  
Solution: Not available  
Discovered by: Aliaksandr Hartsuyeu ( http://evuln.com/ )  
--------Description--------  
Multiple SQL injections:  
None of the user-defined parameters are sanitized.  
Arbitrary SQL injections are possible.  
Vulnerable scripts: insert.phtml, select.phtml.  
  
Conditions:  
magic_quotes_gpc = Off  
register_globals: On  
--------PoC/Exploit--------  
Multiple SQL injection example  
Here is 'union select' example:  
http://website/guestbook/insert.phtml?LastName=' union select 1,2,3,4,5,6/*  
---------Solution----------  
Not available  
----------Credit-----------  
Vulnerability discovered by Aliaksandr Hartsuyeu  
http://evuln.com/xss/url.html - recent url xss vulns  
`
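
Since the advisory lists no fix, one practical step is to review web server access logs for requests to the two named scripts that carry SQL syntax in a parameter. The following is an added example, not part of the advisory or of the guestbook's code; the log lines, the `FirstName` parameter, the use of `LastName` on `select.phtml` and the matching heuristics are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl

# Scripts named in the advisory.
VULNERABLE_SCRIPTS = {"insert.phtml", "select.phtml"}

# Common Log Format prefix; only the client and request target are captured.
LOG_LINE = re.compile(
    r'^(?P<client>\S+) \S+ \S+ \[[^\]]+\] "[A-Z]+ (?P<target>\S+) [^"]*" \d{3}'
)

# Heuristics (assumptions of this example): UNION SELECT, a quote followed by
# a boolean/UNION keyword or comment marker, or a /* comment opener. A lone
# apostrophe (O'Brien) is deliberately not flagged.
SQLI = re.compile(
    r"\bunion\s+(?:all\s+)?select\b|'\s*(?:or|and|union)\b|'\s*(?:--|#|;)|/\*",
    re.IGNORECASE,
)

def suspicious_requests(lines):
    """Return (client, script, parameter, decoded value) for flagged requests."""
    hits = []
    for line in lines:
        m = LOG_LINE.match(line)
        if not m:
            continue  # not a parseable access-log entry
        url = urlsplit(m["target"])
        script = url.path.rsplit("/", 1)[-1].lower()
        if script not in VULNERABLE_SCRIPTS:
            continue
        # parse_qsl undoes %XX and '+' encoding so the regex sees plain text.
        for name, value in parse_qsl(url.query, keep_blank_values=True):
            if SQLI.search(value):
                hits.append((m["client"], script, name, value))
    return hits

# Constructed sample lines (documentation addresses, not real traffic).
SAMPLE_LOG = [
    '192.0.2.10 - - [01/Dec/2010:10:00:00 +0000] "GET /guestbook/insert.phtml?LastName=O%27Brien&FirstName=Pat HTTP/1.1" 200 512',
    '198.51.100.7 - - [01/Dec/2010:10:01:00 +0000] "GET /guestbook/insert.phtml?LastName=%27%20union%20select%201,2,3,4,5,6/* HTTP/1.1" 200 734',
    '198.51.100.7 - - [01/Dec/2010:10:02:00 +0000] "GET /guestbook/select.phtml?LastName=%27+union+select+1,2,3,4,5,6/* HTTP/1.1" 200 901',
    '203.0.113.5 - - [01/Dec/2010:10:03:00 +0000] "GET /index.html?q=union+select HTTP/1.1" 200 100',
]

if __name__ == "__main__":
    for hit in suspicious_requests(SAMPLE_LOG):
        print(hit)
```

Access logs record only the query string. With `register_globals` On the same variables can also arrive in a POST body or a cookie, which this check does not see.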