CVE-2015-2563 - Vastal I-tech phpVID 1.2.3 SQL Injection Web Security Vulnerabilities
Exploit Title: CVE-2015-2563 Vastal I-tech phpVID /groups.php Multiple Parameters SQL Injection Web Security Vulnerabilities
Product: phpVID
Vendor: Vastal I-tech
Vulnerable Versions: 1.2.3 0.9.9
Tested Version: 1.2.3 0.9.9
Advisory Publication: March 13, 2015
Latest Update: April 25, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command ('SQL Injection') [CWE-89]
CVE Reference: CVE-2015-2563
CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
Credit: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
Direction Details:
(1) Vendor & Product Description:
Vendor:
Vastal I-tech
Product & Vulnerable Versions:
phpVID
1.2.3
0.9.9
Vendor URL & Download:
phpVID can be approached from here,
Product Introduction Overview:
"phpVID
is a video sharing software or a video shating script and has all the
features that are needed to run a successful video sharing website like
youtube.com. The features include the following. phpVID is the best
youtube clone available. The latest features include the parsing of the
subtitles file and sharing videos via facebook. With phpVID Video
Sharing is extremely easy."
"The
quality of code and the latest web 2.0 technologies have helped our
customers to achieve their goals with ease. Almost all customers who
have purchased phpVID are running a successful video sharing website.
The quality of code has helped in generating more then 3 million video
views a month using a "single dedicated server". phpVID is the only
software in market which was built in house and not just purchased from
someone. We wrote the code we know the code and we support the code
faster then anyone else. Have any questions/concerns please contact us
at: info@vastal.com. See demo at: www.phpvid.com. If you would like to
see admin panel demo please email us at: info@vastal.com."
"Server Requirements:
Preferred Server: Linux any Version
PHP 4.1.0 or above
MySQL 3.1.10 or above
GD Library 2.0.1 or above
Mod Rewrite and .htaccess enabled on server.
FFMPEG (If you wish to convert the videos to Adobe Flash)"
(2) Vulnerability Details:
phpVID
web application has a computer security bug problem. It can be
exploited by SQL Injection attacks. This may allow an attacker to inject
or manipulate SQL queries in the back-end database, allowing for the
manipulation or disclosure of arbitrary data. Other bug hunter
researchers have found some SQL Injection vulnerabilities related to it
before, too. phpVID has patched some of them.
Several
other similar products 0-day vulnerabilities have been found by some
other bug hunter researchers before. phpVID has patched some of them.
"Openwall software releases and other related files are also available
from the Openwall file archive and its mirrors. You are encouraged to
use the mirrors, but be sure to verify the signatures on software you
download. The more experienced users and software developers may use our
CVSweb server to browse through the source code for most pieces of
Openwall software along with revision history information for each
source file. We publish articles, make presentations, and offer
professional services." Openwall has published suggestions, advisories,
solutions details related to important vulnerabilities.
(2.1) The first code programming flaw occurs at "&order_by" "&cat" parameters in "groups.php?" page.
