OSVDB ID: 26653

Title: BtiTracker torrents.php Multiple Parameter SQL Injection

Info

Dates

Disclosure: Jun 19, 2006
Discovery: Unknown
Exploit: Jun 19, 2006
Solution: Unknown

Description

BtitTracker has been reported to contain a flaw that may allow an attacker to carry out an SQL injection attack. The issue is supposedly due to the torrents.php script not properly sanitizing user-supplied input to the 'by' and 'order' variables. However, subsequent testing and evaluation by multiple researchers indicate that an attacker could not use this to inject a valid SQL query; rather, it can only be used to force an SQL error.

Classification

Location: Remote / Network Access
Attack Type: Information Disclosure, Input Manipulation
Impact: Loss of Confidentiality, Loss of Integrity
OSVDB: Web Related, Myth / Fake

Solution

The vulnerability reported is incorrect. No solution required.

Products

Vendor: Btit
Product: BtitTracker
Version: 1.3.2

Credit

  • r0t - krustevsgooglemail.com - UNSECURED SYSTEMS


Direct URL: http://osvdb.org/26653