TorrentTrader Classic Vulnerable to IP Authorization Bypass

TorrentTrader requires users to log in to download a torrent. At this point the user's IP address is logged, and the user may join the swarm only from that IP. Charles has discovered that by exploiting a SQL injection hole in scrape.php, it is possible to get a list of all IPs in a torrent site’s database.
