Written by enigmax on April 18, 2008
Thousands of private BitTorrent trackers using the popular TBDev code are vulnerable to hostile takeover. According to a security researcher, a successful execution of the exploit could result in the attacker gaining admin rights to the tracker. However, knowledge and a little care can mitigate the effects.
The popular TBDev code on which thousands of private BitTorrent trackers are built, is said to be vulnerable to a major exploit. A successful attack could allow a malicious attacker to deface the main tracker page (index.php) and hijack the account of anyone who logs into the application. Worryingly it’s even possible to hijack an administrator’s account by using a social engineering attack to get them to click on specially crafted hyperlink, although most admins won’t be tricked by this method.
According to Michael Brooks, a security......