TorrentTrader download.php id Variable SQL Injection

2004-09-01T08:22:45
ID OSVDB:9510
Type osvdb
Reporter aCiDBiTS(acidbits@hotmail.com)
Modified 2004-09-01T08:22:45

Description

Vulnerability Description

TorrentTrader contains a flaw that will allow an attacker to inject arbitrary SQL code. The issue is that the 'id' variable in the download.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries.

Solution Description

Currently, there are no known upgrades or patches to correct this issue. It is possible to correct the flaw by implementing the following workaround:
Open your download.php file and find the following (around line 7):

//$id = $_GET["id"];

Replace it by this:

$id = (int)$_GET["id"];

Short Description

TorrentTrader contains a flaw that will allow an attacker to inject arbitrary SQL code. The issue is that the 'id' variable in the download.php script is not verified properly and will allow an attacker to inject or manipulate SQL queries.

References:

Vendor URL: http://www.torrenttrader.com/ Secunia Advisory ID:12439 Mail List Post: http://archives.neohapsis.com/archives/fulldisclosure/2004-08/1305.html