i tested the some of the known SQL injection exploits that were going round and one did reveal the administrator username and MD5 encrypted password on vshare. i PM'ed the vshare admin with the details and its patched in the last release.

on other youtube clone scripts i could get the admin username and password though and i read many sites are being hacked using it. Glad that vshare is protected from that one at least.

Maybe there are more though? :(