Tags
0-day, 1.2.3, 2563, bugs, computer-engineering, CVE-2015, database, exploit, I-tech, JingWang, mas, math, php flaw, phpVID, query, sensitive information, singapore, spms, SQL Injection, user data, Vastal, Website Bug
CVE-2015-2563 – Vastal I-tech phpVID 1.2.3 SQL Injection Web Security Vulnerabilities
Exploit Title: CVE-2015-2563 Vastal I-tech phpVID /groups.php Multiple Parameters SQL Injection Web Security Vulnerabilities
Product: phpVID
Vendor: Vastal I-tech
Vulnerable Versions: 1.2.3 0.9.9
Tested Version: 1.2.3 0.9.9
Advisory Publication: March 13, 2015
Latest Update: April 25, 2015
Vulnerability Type: Improper Neutralization of Special Elements used in an SQL Command (‘SQL Injection’) [CWE-89]
CVE Reference: CVE-2015-2563
CVSS Severity (version 2.0):
CVSS v2 Base Score: 7.5 (HIGH) (AV:N/AC:L/Au:N/C:P/I:P/A:P) (legend)
Impact Subscore: 6.4
Exploitability Subscore: 10.0
CVSS Version 2 Metrics:
Access Vector: Network exploitable
Access Complexity: Low
Authentication: Not required to exploit
Impact Type: Allows unauthorized disclosure of information; Allows unauthorized modification; Allows disruption of service
Credit: Wang Jing [School of Physical and Mathematical Sciences (SPMS), Nanyang Technological University (NTU), Singapore] (@justqdjing)
Direction Details:
(1) Vendor & Product Description:
Vendor:
Vastal I-tech
Product & Vulnerable Versions:
phpVID
1.2.3
0.9.9
Vendor URL & Download:
phpVID can be approached from here,
http://www.vastal.com/phpvid-the-video-sharing-software.html#.VP7aQ4V5MxA
Product Introduction Overview:
“phpVID is a video sharing software or a video shating script and has all the features that are needed to run a successful video sharing website like youtube.com. The features include the following. phpVID is the best youtube clone available. The latest features include the parsing of the subtitles file and sharing videos via facebook. With phpVID Video Sharing is extremely easy.”
“The quality of code and the latest web 2.0 technologies have helped our customers to achieve their goals with ease. Almost all customers who have purchased phpVID are running a successful video sharing website. The quality of code has helped in generating more then 3 million video views a month using a “single dedicated server”. phpVID is the only software in market which was built in house and not just purchased from someone. We wrote the code we know the code and we support the code faster then anyone else. Have any questions/concerns please contact us at: info@vastal.com. See demo at: http://www.phpvid.com. If you would like to see admin panel demo please email us at: info@vastal.com.”
“Server Requirements:
Preferred Server: Linux any Version
PHP 4.1.0 or above
MySQL 3.1.10 or above
GD Library 2.0.1 or above
Mod Rewrite and .htaccess enabled on server.
FFMPEG (If you wish to convert the videos to Adobe Flash)”
(2) Vulnerability Details:
phpVID web application has a computer security bug problem. It can be exploited by SQL Injection attacks. This may allow an attacker to inject or manipulate SQL queries in the back-end database, allowing for the manipulation or disclosure of arbitrary data. Other bug hunter researchers have found some SQL Injection vulnerabilities related to it before, too. phpVID has patched some of them.
Several other similar products 0-day vulnerabilities have been found by some other bug hunter researchers before. phpVID has patched some of them. “Openwall software releases and other related files are also available from the Openwall file archive and its mirrors. You are encouraged to use the mirrors, but be sure to verify the signatures on software you download. The more experienced users and software developers may use our CVSweb server to browse through the source code for most pieces of Openwall software along with revision history information for each source file. We publish articles, make presentations, and offer professional services.” Openwall has published suggestions, advisories, solutions details related to important vulnerabilities.
(2.1) The first code programming flaw occurs at “&order_by” “&cat” parameters in “groups.php?” page.
Related Links:
http://packetstormsecurity.com/files/130754/Vastal-I-tech-phpVID-1.2.3-SQL-Injection.html
https://progressive-comp.com/?l=full-disclosure&m=142601071700617&w=2
http://seclists.org/fulldisclosure/2015/Mar/58
http://permalink.gmane.org/gmane.comp.security.fulldisclosure/1699
http://lists.openwall.net/full-disclosure/2015/03/10/8
http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=142601071700617&w=2
http://www.tetraph.com/blog/xss-vulnerability/cve-2015-2563/
http://static-173-79-223-25.washdc.fios.verizon.net/?l=full-disclosure&m=142551597501701&w=2
https://cxsecurity.com/issue/WLB-2015020091
https://www.facebook.com/permalink.php?story_fbid=935563809832135&id=874373602617823
http://t.qq.com/p/t/482410003538035
http://biboying.lofter.com/post/1cc9f4f5_6ee2aa5
http://mathpost.tumblr.com/post/118768553885/xingti-cve-2015-2563-vastal-i-tech-phpvid
http://essayjeans.lofter.com/post/1cc7459a_6ee4fcb
http://xingti.tumblr.com/post/118768481545/cve-2015-2563-vastal-i-tech-phpvid-1-2-3-sql
https://plus.google.com/113698571167401884560/posts/gftS84rfD3A
https://itswift.wordpress.com/2015/05/12/cve-2015-2563-vastal-i-tech-phpvid/
https://www.facebook.com/essayjeans/posts/827458144012006
https://tetraph.wordpress.com/2015/05/12/cve-2015-2563-vastal-i-tech-phpvid/
http://mathstopic.blogspot.com/2015/05/cve-2015-2563-vastal-i-tech-phpvid-123.html
http://yurusi.blogspot.sg/2015/05/cve-2015-2563-vastal-i-tech-phpvid-123.html
https://twitter.com/tetraphibious/status/598057025247907840
http://tetraph.blog.163.com/blog/static/23460305120154125453111/
