ClipBucket Multiple SQL Injection Vulnerabilities

by Carol~ Moderator - 12/10/12 11:48 AM

In Reply to: VULNERABILITIES / FIXES - December 10, 2012 by Carol~ Moderator

Release Date : 2012-12-10

Criticality level : Moderately critical
Impact : Manipulation of data
Where : From remote
Solution Status : Vendor Patch

Software: ClipBucket 2.x

Description:
High-Tech Bridge has discovered multiple vulnerabilities in ClipBucket, which can be exploited by malicious users and malicious people to conduct SQL injection attacks.

Input passed via multiple parameters to multiple scripts is not properly sanitised before being used in a SQL query. This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

List of affected scripts and parameters:
http://[host]/user_contacts.php?user
http://[host]/view_channel.php?user
http://[host]/view_page.php?pid
http://[host]/view_topic.php?tid
http://[host]/watch_video.php?v
http://[host]/ajax.php?mode=add_friend&uid (POST)
http://[host]/ajax.php?mode=share_object&type=video&id (POST)
http://[host]/ajax.php?mode=share_object&type=photo&id (POST)
http://[host]/ajax.php?mode=share_object&type=collection&id (POST)
http://[host]/ajax.php?mode=flag_object&type=video&id (POST)
http://[host]/ajax.php?mode=flag_object&type=photo&id (POST)
http://[host]/ajax.php?mode=flag_object&type=collection&id (POST)
http://[host]/ajax.php?mode=flag_object&type=user&id (POST)
http://[host]/ajax.php?mode=load_more_items&type=videos&cid (POST)
http://[host]/ajax.php?mode=load_more_items&type=photos&cid (POST)

The vulnerabilities are confirmed in version 2.6-r738. Prior versions may also be affected.

Solution:
Update to version 2.6-r738-security-fixed-p2.

Provided and/or discovered by:
High-Tech Bridge

Original Advisory:
HTB23125:
https://www.htbridge.com/advisory/HTB23125

http://secunia.com/advisories/51460/