Readymade Video Sharing Script - SQL Injection (Error Based)

vendor:

Readymade Video Sharing Script

by:

Varun Bagaria

7.5

CVSS

HIGH

SQL Injection

CWE

Product Name: Readymade Video Sharing Script

Affected Version From: 3.2

Affected Version To: 3.2

Patch Exists: NO

Related CWE: NA

CPE: a:phpscriptsmall:readymade_video_sharing_script

Metasploit: N/A

Other Scripts: N/A

Platforms Tested: Windows 7

2018

Readymade Video Sharing Script – SQL Injection (Error Based)

An attacker can exploit this vulnerability by inserting a malicious payload in the search parameter of the website. This will result in an error based SQL Injection.

Mitigation:

Input validation should be done on the server side to prevent malicious payloads from being injected into the search parameter.

Source

Exploit-DB raw data:

##################################################################
# Exploit Title: Readymade Video Sharing Script - SQL Injection (Error Based)
# Google Dork: NA
# Date: 10.02.2018
# Exploit Author: Varun Bagaria
# Vendor Homepage: https://www.phpscriptsmall.com/
# Software Link: https://www.phpscriptsmall.com/product/php-video-sharing-script/ 
# Version: 3.2
# Tested on: Windows 7
# Category: Webapps
# CVE :  NA
##################################################################

Proof of Concept
=================

Attack Parameter : search
Payload : '

Reproduction Steps:
------------------------------
1. Access the website
2. In the search bar insert ' and you will get error based SQL Injection