PHP Melody CMS 2.3 SQL Injection

2015-12-27T00:00:00
ID PACKETSTORM:135079
Type packetstorm
Reporter V For Vendetta
Modified 2015-12-27T00:00:00

Description

                                        
                                            `================================================================================  
# PHP Melody CMS v2.3 SQL injection  
================================================================================  
# Vendor Homepage: https://www.phpsugar.com  
# Date: 26/12/2015  
# Script Link: https://www.phpsugar.com/blog/2015/04/get-php-melody-v2-3/  
# Version : 2.3  
# Author: Ashiyane Digital Security Team  
================================================================================  
#Description :  
PHP Melody was created by Andrew Rae back in the autumn of 2007 as a  
simple music videos gallery. During its 8 years of existence, PHP  
Melody has evolved from this minimalist video gallery into an extended  
Video CMS. At the present time, PHP Melody is developed entirely by  
Paul, while Andrew manages the project and provides customer support.  
  
# Vulnerable File : videos.php  
  
# Vulnerable Code:  
  
56: mysql_query $result = mysql_query($sql);  
50: $sql = "SELECT pm_videos.*, pm_videos_urls.mp4,  
pm_videos_urls.direct FROM pm_videos LEFT JOIN pm_videos_urls  
ON (pm_videos.uniq_id = pm_videos_urls.uniq_id) WHERE  
pm_videos.uniq_id = '" . $video_id . "'";  
48: $video_id = secure_sql($_GET['vid']);  
  
#Vuln Parameter: vid  
  
# PoC :  
http://localhost/videos.php?vid=1'  
  
================================================================================  
# Discovered By : V For Vendetta  
================================================================================  
`