by r0t,der4444,cembo,VietMafia

Monday, June 19, 2006

BtitTracker SQL injection vuln.

###############################################
Vuln. discovered by : r0t
Date: 19 june 2006
vendor:http://www.btiteam.org/
affected versions:v.1.3.2 and prior
###############################################

Vuln. Description:

BtitTracker contains a flaw that allows remote SQL injection attacks. Input passed to the "by" and "order" parameters in "torrents.php" isn't properly sanitised before being used in a SQL query.
This can be exploited to manipulate SQL queries by injecting arbitrary SQL code.

###############################################
Solution:
Edit the source code to ensure that input is properly sanitised.
###############################################
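The advisory's fix is to sanitise the two sort parameters before they reach the query. Because a column name and a sort direction are SQL identifiers and keywords, not values, they cannot be passed as bound parameters of a prepared statement; the practical fix is to map the request values onto a fixed allowlist and fall back to a default for anything else. The following is an added example written for this page, not BtitTracker's own code: the column names (`name`, `size`, `added`, `seeds`) and the `torrents` table are assumptions for illustration and must be replaced with the tracker's real schema.

```php
<?php
// Added example, not BtitTracker's code. Shows the unsafe pattern the
// advisory describes next to an allowlist-based replacement for the
// "by" and "order" parameters of torrents.php.
declare(strict_types=1);

// Assumed mapping from the public "by" value to a real column name.
// Only keys of this array can ever reach the ORDER BY clause.
const SORT_COLUMNS = [
    'name'  => 'name',
    'size'  => 'size',
    'added' => 'added',
    'seeds' => 'seeds',
];
const DEFAULT_BY    = 'added';
const DEFAULT_ORDER = 'desc';

/**
 * Unsafe pattern as described by the advisory: the request parameters are
 * concatenated straight into the query text, so whatever the client sends
 * becomes part of the SQL.
 */
function buildQueryUnsafe(array $get): string
{
    $by    = $get['by']    ?? DEFAULT_BY;
    $order = $get['order'] ?? DEFAULT_ORDER;
    return "SELECT * FROM torrents ORDER BY $by $order";
}

/**
 * Hardened version: the column is looked up in a fixed allowlist and the
 * direction is reduced to one of two keywords. Unexpected input never
 * appears in the query; it is replaced by the default.
 */
function buildQuerySafe(array $get): string
{
    $by = $get['by'] ?? DEFAULT_BY;
    // is_string() guards against array-valued parameters (by[]=...),
    // which would otherwise be an illegal array offset.
    if (!is_string($by) || !isset(SORT_COLUMNS[$by])) {
        $by = DEFAULT_BY;
    }
    $column = SORT_COLUMNS[$by];

    $order = $get['order'] ?? DEFAULT_ORDER;
    $direction = (is_string($order) && strtolower($order) === 'asc') ? 'ASC' : 'DESC';

    return "SELECT * FROM torrents ORDER BY `$column` $direction";
}

// Demonstration on constructed inputs (run with: php this_file.php).
$inputs = [
    ['by' => 'name', 'order' => 'asc'],               // legitimate request
    ['by' => 'not_a_column', 'order' => 'sideways'],  // unexpected values
    ['by' => ['name'], 'order' => 'asc'],             // array-valued parameter
];
foreach ($inputs as $get) {
    echo "input : " . json_encode($get) . PHP_EOL;
    echo "unsafe: " . (is_string($get['by']) ? buildQueryUnsafe($get) : '(type error)') . PHP_EOL;
    echo "safe  : " . buildQuerySafe($get) . PHP_EOL . PHP_EOL;
}
```

The allowlist also answers the question raised in the comments below: whatever the practical impact of injecting into an ORDER BY clause turns out to be, an unvalidated identifier in query text is a defect, and mapping it onto known values removes the question entirely rather than relying on the clause position to limit it.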
More information @ unsecured-systems.com/forum/

4 Comments:

Anonymous Anonymous told...

Thank you for your vulnerability disclosure. However, due to the usage of the reported parameters, it does not appear that SQL command execution is possible, as these variables are used after a SQL "ORDER BY" clause.

Could you please provide an example exploit?

Thank you in advance for your assistance.

9:36 PM

 
Anonymous Anonymous told...

Could you please send the exploit example to cve@mitre.org?

Thank you.

9:47 PM

 
Blogger r0t told...

I read your discussion on the mailing list.

Unknown isn't the same as negative or false.

For me the exploit technique is also unknown, but are you 100% sure it isn't exploitable?

1:32 PM

 
Anonymous CobraCRK told...

I don't think it's exploitable... I tried multiple injections on it, and it's stable...

5:01 PM

 

Copyright (c) 2006 Pridels Sec Crew