What's new
By:
Filters
Carding forum - Trusted Carding Forum - ATN card the World - Carding Forums - Carders Forums - Dread Forums.-

Welcome to legitcarding.net, your premier destination for all things carding! Dive into the world's top legit carding community, offering worldwide transfers via PayPal, Cashapp, Venmo, Western Union, and beyond. Gain access to credit card fullz, CC dumps, bank logs, and an array of premium services. Plus, enjoy complimentary gift cards and exclusive bonuses. Don't wait—unlock instant access now to scripts, carding guides, and more! Join us today and elevate your carding experience to new heights

YouPHPTube 7.7 SQL Injection Vulnerability

Drake Carder

Drake Carder

Verified & Certified Pro Forum Carder♛
Staff member
Premium User
Support Staff
Verified Seller
♛ Forum Elite ♛
Registered
Joined
Feb 28, 2024
Messages
2,752
Reaction score
280
Points
1,013
Awards
9
YouPHPTube <= 7.7 (getChat.json.php) SQL Injection Vulnerability
----------------------------------------------------------------

[-] Software Link:
https://www.youphptube.com

[-] Affected Versions:
Version 7.7 and prior versions.

[-] Vulnerability Description:
User input passed through the "live_stream_code" POST parameter to
/plugin/LiveChat/getChat.json.php is not properly sanitized before
being used to construct a SQL query. This can be exploited by malicious
users to e.g. read sensitive data from the database through in-band SQL
Injection attacks. Successful exploitation of this vulnerability
requires the "Live Chat" plugin to be enabled (disabled by default).

[-] Solution:
Upgrade to version 7.8 or later.

[-] Disclosure Timeline:
[31/10/2019] - Issue reported to https://git.io/JeD2U
[02/11/2019] - CVE number assigned
[02/12/2019] - Versions 7.8 released
[04/12/2019] - Publication of this advisory

[-] CVE Reference:
The Common Vulnerabilities and Exposures project (cve.mitre.org)
has assigned the name CVE-2019-18662 to this vulnerability.
 
You must log in or register to reply here.
Back
Top