BtitTracker SQL injection vuln.
###############################################
Vuln. discovered by : r0t
Date: 19 june 2006
vendor:http://www.btiteam.org/
affected versions:v.1.3.2 and prior
###############################################
Vuln. Description:
BtitTracker contains a flaw that allows a remote sql injection attacks.Input passed to the "by" and "order" parameter in "torrents.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.
###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
More information @ unsecured-systems.com/forum/
r0t at 15:39
4 Comments:
Thank you for your vulnerability disclosure. However, due to the usage of the reported parameters, it does not appear that SQL command execution is possible, as these variables are used after a SQL "ORDER BY" clause.
Could you please provide an example exploit?
Thank you in advance for your assistance.
9:36 PM
Could you please send the exploit example to cve@mitre.org?
Thank you.
9:47 PM
i read your discuz @ mailist.
uknown isnt same like negative or false.
For me exploit tehnique is also uknown , but did you are 100% sure its isnt exploitable?
1:32 PM
i don't think is exploitable... i tried multiple injections on it, and it's stable...
5:01 PM
Post a Comment
<< Home