|
Neohapsis is currently accepting applications for employment. For more information, please visit our website www.neohapsis.com or email hr@neohapsis.com |
SQL injection bug found in TBSource.
drakomo
gmail.com
Date: Fri Nov 09 2007 - 15:25:48 CST
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]
A vulnerability found in the popular bittorrent tracker TBSource code allows an attacker to inject SQL queries and read secret information from the database.
The value of 'choice' passed to the script index.php is not properly sanitized. When a special tailored value is passed by an attacker, full reading access to the database is possible.
Some projects based in TBSource like TBDev and TorrentStrike have been found to be affected by the same vulnerability.
Bug discovered by Emiliano Scavuzzo
- Messages sorted by: [ date ] [ thread ] [ subject ] [ author ]