Could possibly use this for a malicious purpose.

intext:Powered by YOURLS v + intext:Enter a new URL to shorten

POC example is a big site. Right? 
It's vulnerable to this.

I'm assuming you don't want these linked openly, right? - Here you can see the following:
IP addresses, stats, etc. and you can modify the links to something dangerous.


DB driver: pdo
SELECT `option_name`, `option_value` FROM `yourls_options` WHERE 1=1
Check for new version: no
SELECT COUNT(keyword) as count, SUM(clicks) as sum FROM `yourls_url` WHERE 1=1 
SELECT * FROM `yourls_url` WHERE 1=1  ORDER BY `timestamp` desc LIMIT 0, 15;

# siph0n [2016-06-23]