sla.ckers.org is ha.ckers sla.cking
Q and A on cross-site request forgeries and breaking into sessions. It's one of the attacks that XSS enables and the attack of the future. For session fixation, hijacking, lockout, replay, session riding, etc.
csrf in many torrent trackers
Date: July 01, 2007 12:17PM

Well, I posted this on some other forum but no one seemed interested or wanted to talk about it, so here I am, and I would really like to get some feedback about it!

I found a (my first) csrf in


I haven't seen any tracker needing the password or a sid to change the email in the profile. So you can very simply abuse this with a csrf to change the email and then hijack the account through the "forgot pwd" dialog.

What do you think about it?


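Added example, not part of the original thread and not any tracker's code: a framework-free Python sketch of an email-change handler that demands both things the post says are missing, a session-bound token and the current password. All names and sample values (`change_email`, `csrf_token`, the user, the session id) are hypothetical.

```python
import hashlib
import hmac
import secrets

SERVER_KEY = secrets.token_bytes(32)   # per-deployment secret
SALT = b"constructed-salt"             # constructed sample value


def hash_password(password):
    return hashlib.pbkdf2_hmac("sha256", password.encode(), SALT, 100_000)


# Constructed sample state: one account and one logged-in session.
USERS = {"alice": {"email": "alice@example.org",
                   "pw_hash": hash_password("correct horse")}}
SESSIONS = {"sess-1234": "alice"}


def csrf_token(session_id):
    """Token bound to the session; another site cannot read or compute it."""
    return hmac.new(SERVER_KEY, session_id.encode(), hashlib.sha256).hexdigest()


def change_email(session_id, form):
    """Handle the profile POST. Returns (status, message)."""
    user = SESSIONS.get(session_id)
    if user is None:
        return 401, "not logged in"
    # 1. The session cookie alone is not enough: require the session-bound token.
    sent = form.get("csrf_token", "").encode()
    if not hmac.compare_digest(sent, csrf_token(session_id).encode()):
        return 403, "missing or invalid CSRF token"
    # 2. The email address is the password-reset channel, so re-authenticate.
    supplied = hash_password(form.get("current_password", ""))
    if not hmac.compare_digest(supplied, USERS[user]["pw_hash"]):
        return 403, "current password required"
    new_email = form.get("new_email", "")
    if "@" not in new_email:
        return 400, "invalid email"
    USERS[user]["email"] = new_email
    return 200, "email updated"


def demo():
    """Cross-site style request (cookie only), then a legitimate one."""
    forged = change_email("sess-1234", {"new_email": "other@example.net"})
    legit = change_email("sess-1234", {"new_email": "alice@example.com",
                                       "csrf_token": csrf_token("sess-1234"),
                                       "current_password": "correct horse"})
    return forged, legit
```

The password check still protects the reset channel if the token leaks, for example through an XSS bug on the same site.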
Re: csrf in many torrent trackers
Posted by: Anonymous User
Date: July 01, 2007 12:31PM

Yep - them trackers mostly are spiced with vulnerabilities


Anyway - nice primer!


Re: csrf in many torrent trackers
Posted by: hackathology
Date: August 21, 2007 04:29AM


