Daily cyber threats and internet security news: network security, online safety and latest security alerts
April 20th, 2008

Serious Vulnerability In Private BitTorrent Trackers

Thousands of private BitTorrent trackers using the popular TBDev code are vulnerable to hostile takeover. According to a security researcher, a successful execution of the exploit could result in the attacker gaining admin rights to the tracker. However, knowledge and a little care can mitigate the effects. This particular TBDev exploit is down to the fact the developers didn’t protect the administrative interface from Cross Site Scripting attacks (XSS).

The popular TBDev code on which thousands of private BitTorrent trackers are built, is said to be vulnerable to a major exploit. A successful attack could allow a malicious attacker to deface the main tracker page (index.php) and hijack the account of anyone who logs into the application. It’s even possible to hijack an administrator’s account by using a social engineering attack to get them to click on specially crafted hyperlink, although most admins won’t be tricked by this method. If you visit a website that the hacker controls then he can also trigger the attack. If you think you might have clicked on a bad link, change your password immediately.

To avoid this exploit, the most important thing to keep in mind is do not click on suspicious links. The link can be easily modified to be shorter, but the important part is avoiding links to TBDev’s /redir.php.

To remove the persistent XSS payload the administrator might have to login to the SQL server manually and delete the offending entry in the “news” table, since they won’t be able to use the web application to delete the news posting.

A very quick fix for this issue would be changing in news.php from “$body = $_POST[“body”];” to “$body = htmlspecialchars($_POST[“body”],ENT_QUOTES);”

The same fix also needs to be applied to $_GET[“url”] in redir.php or the administrator account as well as others are subjected to hijack. There are other security problems with this application, but the XSS is the most serious as it leads to immediate attack.

The full details of the exploit are available in here.

Share this item with others:

More on CyberInsecure:
  • Norwegian BitTorrent Tracker Norbits Under DDoS Attack
  • BitTorrent Users Are The Targets In New Anti-Piracy Scam Emails Spam
  • Popular BitTorrent Client Quietly Patched An Old Zero-Day Vulnerability
  • Music Industry Sites DDoSed By Hacktivists To Support Pirate Bay
  • The Pirate Bay Compromised, Hacker Swipes Details Of 4 Million Users

  • If you found this information useful, consider linking to it from your own website.
    Just copy and paste the code below into your website (Ctrl+C to copy)
    It will look like this: Serious Vulnerability In Private BitTorrent Trackers

    Leave a Reply

    Comments with unsolicited links to other resources will be marked as spam. DO NOT leave links in comments. Please leave your real email, it wont be published.

    To prove you’re a person (not a spam script), type the security word shown in the picture. Click on the picture to hear an audio file of the word.