YouTube Clone Script SQLi: 27.000 Sites Vulnerable.

Published on: 1183483424
Don't worry, it doesn't have anything to do with YouTube itself. The YouTube Clone Script is a software package that aims to clone YouTube and gives webmasters a chance to launch a YouTube-like site themselves. But it has issues with SQL injection, as t0pP8uZz & xprog show us. There is a remote SQL injection in msg.php which allows us to obtain login credentials. This again shows how dangerous it is to use software that everyone else uses. If a vulnerability is found, thousands of sites become instantly vulnerable. In this case I Googled about 27.000 sites. Who needs XSS: instant admin on the fly with our friend SQL injection.

FYI
The first hex string below is: "t0pP8uZz and xprog ownage" and the second translates to: "admin_name"
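
Hex literals like the two described above hide readable strings from anyone skimming an access log, so a defender reviewing requests to msg.php can decode them automatically. The following is an added example, not code from the original post or from the exploit; the log lines are constructed, and the `id` parameter name is a hypothetical stand-in.

```python
import re
from urllib.parse import unquote_plus

# MySQL-style hex literal: 0x plus at least four byte pairs (shorter runs are noise).
HEX_LITERAL = re.compile(r"(?<![0-9A-Za-z])0x((?:[0-9a-fA-F]{2}){4,})")
# Request target inside a combined-log-format line.
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def decode_hex_literals(text):
    """Return the printable-ASCII strings hidden in hex literals in text."""
    found = []
    for match in HEX_LITERAL.finditer(text):
        raw = bytes.fromhex(match.group(1))
        if all(0x20 <= b < 0x7F for b in raw):  # skip binary-looking values
            found.append(raw.decode("ascii"))
    return found

def scan_log(lines):
    """Return (line number, request path, decoded strings) for flagged lines."""
    hits = []
    for number, line in enumerate(lines, start=1):
        request = REQUEST.search(line)
        if not request:
            continue
        path, _, query = request.group(1).partition("?")
        # Percent-decode first so an encoded "0x" prefix cannot hide the literal.
        decoded = decode_hex_literals(unquote_plus(query))
        if decoded:
            hits.append((number, path, decoded))
    return hits

def _hex(s):
    """Encode a string the way it would appear as a hex literal."""
    return "0x" + s.encode("ascii").hex()

# Constructed sample lines; the "id" parameter name is hypothetical.
_FMT = '203.0.113.9 - - [01/Jan/2024:00:00:0{} +0000] "GET /msg.php?id={} HTTP/1.1" 200 512'
SAMPLE_LOG = [
    _FMT.format(1, "42"),                                           # ordinary request
    _FMT.format(2, _hex("admin_name")),                             # plain hex literal
    _FMT.format(3, "%30x" + _hex("t0pP8uZz and xprog ownage")[2:]),  # percent-encoded "0"
]

if __name__ == "__main__":
    for number, path, strings in scan_log(SAMPLE_LOG):
        print(f"line {number}: {path} carries hex literals decoding to {strings}")
```

Printable hex literals in a query string are rare in legitimate traffic, so hits from this scan are a reasonable starting point for reviewing which installations were probed.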