CVE-2007-3518
hispah youtube_clone_script - SQL Injection via msg.php id Parameter
Title source: llmExploitation Summary
EIP tracks 1 public exploit for CVE-2007-3518. PoCs published by t0pP8uZz.
AI-analyzed exploit summary This exploit demonstrates a SQL injection vulnerability in the YouTube Clone Script, specifically in the msg.php file. The crafted URL retrieves admin credentials by leveraging a UNION-based SQL injection attack.
Description
SQL injection vulnerability in msg.php in HispaH YouTube Clone Script (youtubeclone) allows remote attackers to execute arbitrary SQL commands via the id parameter.
Exploits (1)
exploitdb
WORKING POC
VERIFIED
by t0pP8uZz · textwebappsphp
https://www.exploit-db.com/exploits/4136
This exploit demonstrates a SQL injection vulnerability in the YouTube Clone Script, specifically in the msg.php file. The crafted URL retrieves admin credentials by leveraging a UNION-based SQL injection attack.
Classification
Working Poc 95%
Attack Type
Sqli
Complexity
Trivial
Reliability
Reliable
Target:
YouTube Clone Script
No auth needed
Prerequisites:
Access to the vulnerable msg.php endpoint
devstral-2 · analyzed Feb 18, 2026
Full analysis →
References (6)
Core 6
Core References
Vendor Advisory third-party-advisory
x_refsource_secunia
http://secunia.com/advisories/25922
Third Party Advisory, VDB Entry vdb-entry
x_refsource_bid
http://www.securityfocus.com/bid/24720
Third Party Advisory, VDB Entry vdb-entry
x_refsource_xf
https://exchange.xforce.ibmcloud.com/vulnerabilities/35192
Third Party Advisory vdb-entry
x_refsource_vupen
http://www.vupen.com/english/advisories/2007/2400
Third Party Advisory, VDB Entry vdb-entry
x_refsource_osvdb
http://osvdb.org/36328
Exploit, Third Party Advisory exploit
x_refsource_exploit-db
https://www.exploit-db.com/exploits/4136
Scores
EPSS
0.0122
EPSS Percentile
64.8%
Details
Status
published
Products (1)
hispah/youtube_clone_script
Published
Jul 03, 2007
Tracked Since
Feb 18, 2026