RivetTracker multiple SQL injection vulnerabilities

2012-10-08T00:00:00
ID MYHACK58:62201235115
Type myhack58
Reporter Anonymous
Modified 2012-10-08T00:00:00

Description

Affected system:

rivettracker rivettracker <= 1.03

Description:

--------------------------------------------------------------------------------

BUGTRAQ ID: 52283

CVE ID: CVE-2012-4996

RivetTracker is a revised version of PHPBTTracker by "DeHackEd", written in PHP with MySQL as the database back end, that provides BitTorrent tracking.

RivetTracker 1.03 and other versions contain multiple SQL injection vulnerabilities, which may allow a remote attacker to exploit them by passing the hash parameter to dltorrent.php and torrent_functions.php, resulting in arbitrary SQL command execution.

<*source: Ali Raheem

Links: http://secunia.com/advisories/48245

http://www.exploit-db.com/exploits/18553/

http://xforce.iss.net/xforce/xfdb/73679

*>

Recommendations:

--------------------------------------------------------------------------------

Vendor patch:

rivettracker

------------

The vendor has not yet provided a patch or upgrade procedure. Users of this software are advised to follow the vendor's home page to get the latest version:

http://www.rivetcode.com/software/rivettracker/