ClipBucket Blind SQL Injection Vulnerability in Channel Comments

A blind SQL injection vulnerability has been identified in ClipBucket version 5.5.2-#187 and earlier. This issue arises in the add comment section of channels, where the 'obj_id' parameter in POST requests to the '/actions/ajax.php' endpoint is vulnerable. The parameter is used in the 'user_exists' function without proper validation or sanitization, allowing attackers to inject malicious SQL payloads. This vulnerability can be exploited without authentication if anonymous comments are enabled, which is the default setting.

Impact

Exploitation of this vulnerability allows attackers to perform blind SQL injection, enabling them to infer database behavior and potentially access sensitive information from the database. If anonymous comments are disabled, the vulnerability requires an authenticated user to exploit.

Reproduction

To reproduce this vulnerability, send a POST request to the '/actions/ajax.php' endpoint with the 'obj_id' parameter containing a crafted SQL injection payload, such as '1' or '1=1-- -'. If the injection is successful, the response will indicate whether the injected SQL query was executed, confirming the presence of the SQL injection vulnerability.