lists.openwall.net | lists / announce owl-users owl-dev john-users john-dev passwdqc-users yescrypt popa3d-users / oss-security kernel-hardening musl sabotage tlsify passwords / crypt-dev xvendor / Bugtraq Full-Disclosure linux-kernel linux-netdev linux-ext4 linux-hardening linux-cve-announce PHC | |
Open Source and information security mailing list archives
| ||
|
Date: 9 Nov 2007 21:25:48 -0000 From: drakomo@...il.com To: bugtraq@...urityfocus.com Subject: SQL injection bug found in TBSource. A vulnerability found in the popular bittorrent tracker TBSource code allows an attacker to inject SQL queries and read secret information from the database. The value of 'choice' passed to the script index.php is not properly sanitized. When a special tailored value is passed by an attacker, full reading access to the database is possible. Some projects based in TBSource like TBDev and TorrentStrike have been found to be affected by the same vulnerability. Bug discovered by Emiliano Scavuzzo
Powered by blists - more mailing lists