mailing list archives
Blog Torrent preview 0.8 - arbitary file download
From: Steve Kemp <steve () steve org uk>
Date: Thu, 2 Dec 2004 15:06:41 +0000
Blogtorrent is a collection of PHP scripts which are designed to
make it simple to host files for transfer via bittorrent.
Whilst it is not normal to report security problems in "preview"
releases of software this software was covered prominently upon
Slashdot and could be widely used, so I feel it's a legitimate
One of the scripts in the distribution doesn't correctly
sanitize it's inputs, before using one of them to read
and serve a file from the local system.
This can be exploited to remotely download any file upon the
webserver which is readable by the UID which the webserver is
The code in question is contained in btdownload.php and looks like
The following URL can be used to download a file:
(Adjust the ".."'s and the filename to suit your taste).
Whilst no new release is planned to address this hole the
authors did commit a simple fix to their CVS repository.
This can be obtained from here:
(The patch was committed less than a day after the hole was privately
reported to them, making them a responsive bunch).
# The Debian Security Audit Project.
# Setuid Software Lists
- Blog Torrent preview 0.8 - arbitary file download Steve Kemp (Dec 02)