| VID |
21413 |
| Severity |
30 |
| Port |
80, ... |
| Protocol |
TCP |
| Class |
CGI |
| Detailed Description |
The TorrentTrader program has a 'download.php' SQL Injection Vulnerability.
TorrentTrader is an open-source BitTorrent tracker. TorrentTrader 1.0 RC2 and possibly earlier are vulnerable to a SQL Injection attack, caused by a failure of the application to properly validate user-supplied input. By sending a specially-crafted URL request to the 'download.php' file containing SQL code embedded in the 'id' parameter, a remote attacker could bypass authentication and add, modify or delete data in the backend database.
* References:
http://www.osvdb.org/displayvuln.php?osvdb_id=9510
http://packetstormsecurity.nl/0409-exploits/torrent_exp.php.txt
* Platforms Affected:
TorrentTrader 1.0 RC2 and possibly earlier
Any operating system Any version |
| Recommendation |
No upgrade or patch available as of November 2004.
Upgrade to the new version of TorrentTrader, when new version fixed this problem becomes available from the TorrentTrader Web site at http://www.torrenttrader.com/ |
| Related URL |
(CVE) |
| Related URL |
11087 (SecurityFocus) |
| Related URL |
17189 (ISS) |
|
