PHP Melody CMS version 2.3 suffers from a remote SQL injection vulnerability.
3ce0e6de5b497053859c2d83646c7f89a4d121e02e130934677bae1f948ac14a
================================================================================
# PHP Melody CMS v2.3 SQL injection
================================================================================
# Vendor Homepage: https://www.phpsugar.com
# Date: 26/12/2015
# Script Link: https://www.phpsugar.com/blog/2015/04/get-php-melody-v2-3/
# Version : 2.3
# Author: Ashiyane Digital Security Team
================================================================================
#Description :
PHP Melody was created by Andrew Rae back in the autumn of 2007 as a
simple music videos gallery. During its 8 years of existence, PHP
Melody has evolved from this minimalist video gallery into an extended
Video CMS. At the present time, PHP Melody is developed entirely by
Paul, while Andrew manages the project and provides customer support.
# Vulnerable File : videos.php
# Vulnerable Code:
56: mysql_query $result = mysql_query($sql);
50: $sql = "SELECT pm_videos.*, pm_videos_urls.mp4,
pm_videos_urls.direct FROM pm_videos LEFT JOIN pm_videos_urls
ON (pm_videos.uniq_id = pm_videos_urls.uniq_id) WHERE
pm_videos.uniq_id = '" . $video_id . "'";
48: $video_id = secure_sql($_GET['vid']);
#Vuln Parameter: vid
# PoC :
http://localhost/videos.php?vid=1'
================================================================================
# Discovered By : V For Vendetta
================================================================================