ClipBucket Blind SQL Injection Vulnerability in Admin Area

A blind SQL injection vulnerability has been identified in ClipBucket version 5.5.2 - #140 and earlier. The issue resides in the Admin Area, specifically within the 'login_as_user.php' file. This vulnerability allows an administrator with access to the Admin Area to manipulate SQL queries by injecting malicious payloads, potentially leading to unauthorized database access or modification.

Impact

Exploitation of this vulnerability allows for blind SQL injection, where an attacker can manipulate SQL queries and potentially access or modify database information. The blind nature of the injection means that the attacker cannot directly see the results of the SQL query execution, making the exploitation more complex.

Reproduction

To reproduce this vulnerability, an administrator must log into the ClipBucket Admin Area and navigate to the 'login_as_user.php' file. Once there, the administrator can inject a SQL payload into the 'uid' parameter. For example, injecting a payload that uses the SQL 'OR' operator to manipulate the query could exploit the vulnerability. The injection can be verified by observing a delay in the response time, indicating that the SQL injection was successful.

Remediation

Users are advised to update to ClipBucket version 5.5.2 - #142 or later. The vulnerability has been patched by validating the 'uid' parameter to ensure it is numeric before using it in SQL queries.