The Pirate Bay Open to SQL Injection Attacks?

This from an old friend of mine on the private “guys list” mailing list.

So,  I was trying to get a couple of E-books from the pirate bay.

http://thepiratebay.org/torrent/5362753

The pdf I downloaded did not work, so I put up a comment and I noticed they were not un-escaping single quotes.

So I tried a double quote in the comment and it gave an error.

So I tried this in the comment box

“; SELECT * FROM `users` —

And it didn’t break.  I’m pretty sure it selected all the users.  Didn’t print them out, but it selected them.

So, what I’m saying is.  Thepiratebay.org is currently wide open to sql injection attacks.

Have fun, let me know what you do.

Is this news? Maybe not. This article outlines how TPB was hacked over a month ago. Close the door man! It’s wide open.