Quote:
Originally Posted by hon
I think that it's impossible to sql inject TorrentTrader because it hash secret with the password before send the query.
|
Not even hashing is 100% secure because u can use Rainbow tables to possibly crack the passwords in the user table.
Also remember getting access to the user table isnt the only thing u can do with a sql injection. You can also upload a file containing code which can open a reverse shell.
What to do......
Like with many things the internet has done most of the work for you. In this case you can go here
https://www.exploit-db.com/exploits/21396 and find exactly where the vulnerabilities are for TT2.8 and patch them.
Thankfully fixing possible sql injections aren't hard and I agree using prepared statements is a good idea however a good sanitize function will do the trick.