First of a few remote code execution flaws in various popular torrent clients, here is a DNS rebinding vulnerability in Transmission, resulting in arbitrary remote code execution. https://github.com/transmission/transmission/pull/468 …
Replying to @taviso
On the proof of concept, you used 20 seconds as the time between requests, but Chrome keeps the DNS cache for a minimum of 60 secs even with a super low TTL?
Replying to @ret2jazzy
Yep correct, but hard to guess when the entry was cached and checking earlier doesn't hurt. You can also force old records to be flushed with a lot of lookups, but I didn't implement that. Would be fun though
Replying to @taviso
Btw does it work on Firefox? I think Firefox doesn't delete the cache until we close the tab (or at least that's what I observed)
Replying to @ret2jazzy
Yes, it does work, I verified on Firefox/Windows. Maybe it considers TTL?
Replying to @taviso
I'll try again then, I responded with TTLs of < 5 tho and waited 65 seconds before sending the XHR.
I just checked with the latest version, it still works here. pic.twitter.com/Ge3J2i5TkS