Lucene search
K
Catalog
Vendors
Products
Timeline
Vulnerabilities
Sources
Documentation
Blog
Glossary
FAQ
Brand assets
Assessment
Agents dashboard
Agent Scanning
API Scanning
Assessment API
Alerts
Email notifications
Webhook notifications
Alerts API
SBOM package analysis
API Reference
Support
Settings
Sign in

torrenttrader-sql.txt

🗓️ 02 Jun 2008 00:00:00Reported by Chris VaughnType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 18 Views

SQL Injection allows authorization bypass in Torrent Trader Classic v1.0

Code
`SQL Injection leading to authorization bypass in Torrent Trader  
Classic v1.08 and earlier  
  
# Discovered by: Charles Vaughn ([email protected])  
  
# Software: http://sourceforge.net/projects/torrenttrader  
  
# Status: Vendor Notified, updated version available  
  
# Vulnerability  
  
TorrentTrader is a popular torrent tracker platform written in PHP.  
In order to download a restricted torrent, a user must first log into  
the application. Their IP is then stored in the permissible users.  
When their bittorrent client connects, this IP is checked against the  
allowed clients.  
  
It is possible to get a list of all IPs in the client database,  
through a SQL injection hole in scrape.php.  
  
http://www.example.com/scrape.php?info_hash=%22union%20select%201,1,1,1,ip%20from%20users--%20%20%20  
  
An attacker can use a local proxy or other means to include either  
HTTP_X_FORWARDED_FOR or HTTP_CLIENT_IP header into their bittorrent  
clients requests, along with a chosen IP address to masquerade as.  
  
The user then has the ability to use the tracker as a normal user.  
  
Resolution: Upgrade or copy over the scrape.php from the May 2008  
release of v1.08  
`

Data

Build on a solid foundation with Vulners data

We provide the essential building blocks for cybersecurity solutions with comprehensive, structured, and constantly updated vulnerability and exploits data

Api

Power your application with Vulners API

The Vulners REST API offers reliable, high-performance access to vulnerability intelligence, with 99.9% SLA uptime and CDN-backed data delivery for seamless global access

App

Assess and manage vulnerabilities with Vulners tools

Built on top of Vulners' database and SDK, end-user solutions give security professionals and developers lightweight and powerful tools for vulnerability remediation

Book a live demo
02 Jun 2008 00:00Current
7.4High risk
Vulners AI Score7.4
sql injectionauthorization bypasstorrent traderphpvulnerabilityippermissible usersbittorrent clientupgradescrape.phprelease
18