Readymade Video Sharing Script 3.2 SQL Injection

2018.02.13

Credit: Varun Bagaria

Risk: Medium

Local: No

Remote: Yes

CVE: N/A

CWE: CWE-89

##################################################################
# Exploit Title: Readymade Video Sharing Script - SQL Injection (Error Based)
# Google Dork: NA
# Date: 10.02.2018
# Exploit Author: Varun Bagaria
# Vendor Homepage: https://www.phpscriptsmall.com/
# Software Link: https://www.phpscriptsmall.com/product/php-video-sharing-script/
# Version: 3.2
# Tested on: Windows 7
# Category: Webapps
# CVE : NA
##################################################################
Proof of Concept
=================
Attack Parameter : search
Payload : '
Reproduction Steps:
------------------------------
1. Access the website
2. In the search bar insert ' and you will get error based SQL Injection

See this note in RAW Version

Vote for this issue:

50%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Readymade Video Sharing Script 3.2 SQL Injection

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.