OSVDB ID: 86666

Title: phpMyBitTorrent staff.php staff_table Parameter Cache File PHP Code Injection

Info

Disclosure

Oct 03, 2012

Discovery

Unknown

Dates

Exploit

Oct 03, 2012

Solution

Unknown

Description

phpMyBitTorrent contains a flaw that is triggered when certain user-supplied input passed via the 'staff_table' parameter is not properly sanitized in the staff.php script. This may allow a remote attacker to inject arbitrary PHP code to the cache file.

Classification

Location: Remote / Network Access
Attack Type: Input Manipulation
Impact: Loss of Integrity
Solution: Solution Unknown
Exploit: Exploit Public
Disclosure: Third-party Verified, Uncoordinated Disclosure
OSVDB: Web Related

Solution

OSVDB is not aware of a solution for this vulnerability.

Products

phpMyBitTorrent

2.04

References

Exploit Database: 21743
Secunia Advisory ID: 50829
Related OSVDB ID: 86627 86628 86629 86630 86631 86632 86633 86634 86635 86636 86637 86638 86639 86640 86641 86642 86643 86644 86645 86646 86647 86648 86649 86650 86651 86652 86653 86654 86655 86656 86657 86658 86659 86660 86661 86662 86663 86664 86665 86667 86668
Mail List Post: http://seclists.org/fulldisclosure/2012/Oct/30
Other Advisory URL: http://www.waraxe.us/advisory-91.html

Credit

Unknown or Incomplete

Direct URL: http://osvdb.org/86666