CVE-2009-2158

HIGH

TorrentTrader Classic 1.09 - Info Disclosure

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2009-2158. PoCs published by waraxe.

AI-analyzed exploit summary This is a detailed technical writeup describing multiple vulnerabilities in TorrentTrader Classic 1.09, including SQL injection, weak password generation, unauthorized database backup, and information leakage. The analysis includes code snippets, attack vectors, and exploitation techniques.

Description

account-recover.php in TorrentTrader Classic 1.09 chooses random passwords from an insufficiently large set, which makes it easier for remote attackers to obtain a password via a brute-force attack.

Exploits (1)

exploitdb WRITEUP VERIFIED

by waraxe · textwebappsphp

https://www.exploit-db.com/exploits/8958

View Code ZIP pw:eip

This is a detailed technical writeup describing multiple vulnerabilities in TorrentTrader Classic 1.09, including SQL injection, weak password generation, unauthorized database backup, and information leakage. The analysis includes code snippets, attack vectors, and exploitation techniques.

Classification

Writeup 100%

Attack Type

Sqli | Info Leak | Auth Bypass

Complexity

Moderate

Reliability

Reliable

Target: TorrentTrader Classic 1.09

Auth required

Prerequisites: Valid user account for some vulnerabilities · Knowledge of email addresses for password reset · Access to mysqldump and gzip utilities for database backup

MITRE ATT&CK

T1189 - Drive-by Compromise T1059 - Command and Scripting Interpreter T1005 - Data from Local System

devstral-2 · analyzed Feb 18, 2026 Full analysis →