Wednesday, April 23, 2008

UTorrent + CSRF = STALLOWN3D!1

Ouch. I’m going to have to agree with Billy Rios on this one: I’ve also never seen CSRF used to own a box. CSRF attacks are sure to get worse each week with all the interest in the subject. CSRF issues are everywhere, easy to pull off, and powerful because everything is web-enabled. Check out Rob Carter’s clever 3-step process:

1) Turn on "move completed downloads"
2) Change the path to where downloads are placed, like Windows startup.
3) Force the download of an attacker-controlled batch file

Wait for reboot.

Clever stuff! Be mindful of your plugins, boys and girls.
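For defenders, the three requests in that process leave a recognisable trace in a web UI's access log: state-changing requests whose Referer is another site, with settings changes followed by a download being added. The following is an added example, not code from the original post or from uTorrent; the port, endpoint paths, setting names and log lines are constructed assumptions.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumptions: UI origins and endpoint paths are hypothetical, not a real client's API.
UI_HOSTS = {"localhost:8080", "127.0.0.1:8080"}
SETTINGS, ADD = "/ui/settings", "/ui/downloads/add"

LINE_RE = re.compile(
    r'\[(?P<ts>[^\]]+)\] "(?P<method>[A-Z]+) (?P<target>\S+) [^"]*" '
    r'\d{3} \S+ "(?P<referer>[^"]*)"'
)

# Constructed sample access log (combined log format), for illustration only.
SAMPLE_LOG = '''\
127.0.0.1 - admin [23/Apr/2008:10:00:01 +0000] "GET /ui/list HTTP/1.1" 200 512 "http://localhost:8080/ui/" "UA"
127.0.0.1 - admin [23/Apr/2008:10:02:10 +0000] "GET /ui/settings?name=max_peers&value=50 HTTP/1.1" 200 20 "http://localhost:8080/ui/" "UA"
127.0.0.1 - admin [23/Apr/2008:10:15:30 +0000] "GET /ui/settings?name=move_completed&value=1 HTTP/1.1" 200 20 "http://forum.example/thread/42" "UA"
127.0.0.1 - admin [23/Apr/2008:10:15:30 +0000] "GET /ui/settings?name=completed_dir&value=PLACEHOLDER_DIR HTTP/1.1" 200 20 "http://forum.example/thread/42" "UA"
127.0.0.1 - admin [23/Apr/2008:10:15:31 +0000] "GET /ui/downloads/add?url=http%3A%2F%2Ffiles.example%2Fa.torrent HTTP/1.1" 200 20 "http://forum.example/thread/42" "UA"
'''

def referer_class(referer):
    """Classify a Referer header relative to the UI's own origins."""
    if referer in ("", "-"):
        return "missing"
    host = urlsplit(referer).netloc.lower()
    return "same-origin" if host in UI_HOSTS else "cross-origin"

def find_cross_site_changes(log_text):
    """Return state-changing requests that did not come from the UI itself."""
    findings = []
    for line in log_text.splitlines():
        m = LINE_RE.search(line)
        if not m:
            continue
        url = urlsplit(m["target"])
        why = referer_class(m["referer"])
        if url.path in (SETTINGS, ADD) and why != "same-origin":
            params = {k: v[0] for k, v in parse_qs(url.query).items()}
            findings.append({"ts": m["ts"], "path": url.path, "params": params,
                             "referer": m["referer"], "why": why})
    return findings

def looks_like_chain(findings):
    """True when a flagged settings change is followed by a flagged download add."""
    paths = [f["path"] for f in findings]
    return SETTINGS in paths and ADD in paths and paths.index(SETTINGS) < paths.index(ADD)
```

A Referer check over logs is only a detection aid, since the header can be absent; the fix is for the UI to require an unguessable per-session token on every state-changing request.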

2 comments:

Anonymous said...

but it does require admin rights to write to %allusersprofile%, and who would run p2p apps as admin?

Anonymous said...

Anonymous, doesn't Vista require certain applications to run as administrator in order to properly use write access? I don't use the uTorrent client, but I'm sure it's possible. As I said on Billy Rios' blog, this example and the one posted by GNUCITIZEN for persistent control over GMail accounts are really very intriguing.