[3/5] vShare YouTube Clone “tid” SQL Injection Vulnerability

May 9th, 2008 by

[3/5] vShare YouTube Clone “tid” SQL Injection Vulnerability

:Saime has reported a vulnerability in vShare YouTube Clone, which can be exploited by malicious people to conduct SQL injection attacks.Input passed to the "tid" parameter in group_posts.php is not properly sanitised before being used in SQL queries. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.The vulnerability is reported in version 2.6. Other versions may also be affected.Solution:Edit the source code to ensure that input is properly sanitised.Provided and/or discovered by:SaimeOriginal Advisory:http://milw0rm.com/exploits/5565

Original post by manisha

[3/5] vShare YouTube Clone “tid” SQL Injection Vulnerability

Related Articles:

[3/5] Youtube Script “id” SQL Injection Vulnerability

[2/5] Youtube Script “lang[please_wait]” Cross-Site Scripting Vulnerability

[4/5] Hot or Not Clone Multiple Vulnerabilities

[3/5] Drupal Simple Access Module Security Bypass

[3/5] Joomla! jooget Component “id” SQL Injection

Posted in Advisories - Exploits | | [3/5] vShare YouTube Clone “tid” SQL Injection Vulnerability

<< [2/5] Maian Recipe Cross-Site Scripting Vulnerabilities | [3/5] TFTP Server SP Long Error Message Buffer Overflow >>

Cybertrion Systems

[3/5] vShare YouTube Clone “tid” SQL Injection Vulnerability

Categories

Archives:

Search:

Meta: