Private BitTorrent Trackers Under Threat From Major Exploit
21-04-2008, 10:31   #1
SBD

Thousands of private BitTorrent trackers using the popular TBDev code are vulnerable to hostile takeover. According to a security researcher, a successful execution of the exploit could result in the attacker gaining admin rights to the tracker. However, knowledge and a little care can mitigate the effects.

The popular TBDev code, on which thousands of private BitTorrent trackers are built, is said to be vulnerable to a major exploit. A successful attack could allow a malicious attacker to deface the main tracker page (index.php) and hijack the account of anyone who logs into the application. Worryingly, it’s even possible to hijack an administrator’s account by using a social engineering attack to get them to click on a specially crafted hyperlink, although most admins won’t be tricked by this method.

According to Michael Brooks, a security researcher who brought this issue to our attention, this particular TBDev exploit is down to the fact that the developers didn’t protect the administrative interface from Cross Site Scripting attacks (XSS).

<edit Rob: excessive quote deleted - link to original now provided in post #3 below>
21-04-2008, 19:33   #2
Rob

This is clearly a cut and paste from somewhere. Please provide the link.

To avoid breach of copyright, always link to the source, and only quote a small part of any article. Thank you.
21-04-2008, 19:35   #3
Rob M

Rob, just reported this post for that very reason.

I believe that the original site is this one (although I'm happy to be corrected):

http://torrentfreak.com/private-bitt...xploit-080418/

TBH, this article goes a little bit far to my mind. It more or less TELLS you how to exploit the vulnerable sites.
All times are GMT +1. The time now is 04:54.

