CVE-2018-5702

HIGH

Transmission < 2.92 - Unauthenticated Remote Code Execution via DNS Rebinding

Title source: llm

Exploitation Summary

EIP tracks 1 public exploit for CVE-2018-5702. PoCs published by Google Security Research.

AI-analyzed exploit summary This writeup describes a DNS rebinding attack against Transmission BitTorrent client's RPC interface, allowing remote attackers to bypass the localhost restriction and execute arbitrary commands by manipulating the 'download-dir' or 'script-torrent-done-enabled' settings.

Description

Transmission through 2.92 relies on X-Transmission-Session-Id (which is not a forbidden header for Fetch) for access control, which allows remote attackers to execute arbitrary RPC commands, and consequently write to arbitrary files, via POST requests to /transmission/rpc in conjunction with a DNS rebinding attack.

Exploits (1)

exploitdb WRITEUP VERIFIED

by Google Security Research · remotemultiple

https://www.exploit-db.com/exploits/43665

View Code ZIP pw:eip

This writeup describes a DNS rebinding attack against Transmission BitTorrent client's RPC interface, allowing remote attackers to bypass the localhost restriction and execute arbitrary commands by manipulating the 'download-dir' or 'script-torrent-done-enabled' settings.

Classification

Writeup 90%

Attack Type

Rce

Complexity

Moderate

Reliability

Reliable

Target: Transmission BitTorrent client (versions prior to fix)

No auth needed

Prerequisites: Transmission daemon running with default settings · Victim visits attacker-controlled website

MITRE ATT&CK