QBittorrent 4.5.5 free1/23/2024 ![]() Have attached a screenshot where I create a file on the remote machine then retrieve that file unauthenticated from my laptop.As a special service "Fossies" has tried to format the requested source page into HTML format using (guessed) C and C++ source code syntax highlighting (style: standard) with prefixed line numbers and code folding option.Īlternatively you can here view or download the uninterpreted source code file.įor more information about "downloadhandlerimpl.cpp" see the Fossies "Dox" file reference documentation and the last Fossies "Diffs" side-by-side code changes report: 4.5.5_vs_4.6.0.ġ /* 2 * Bittorrent Client using Qt and libtorrent. ![]() \.\.\.\.\windows\win.ini"Īctual result: the win.ini file from the remote machine is displayed Enable the qBitTorrent web UI (in my case it runs on port 8080).If you were on my network, you'd do the following: Please let me know if there's anything you need from me. Note that this is my first open source bug report - so apologies if I've missed anything. Have done some searches on your bug tracker for an existing bug report - and can't find one, some am raising this. I ran a Nessus vulnerability scan on a machine running qBitTorrent and found that the Web UI can be used to access arbitrary files on the host's filesystem - unauthenticated - via what appears to be a path traversal vulnerability. Operating System: Windows 10, version 22H2. QBitTorrent version: 4.5.1 (latest stable as of today).
0 Comments
Leave a Reply.AuthorWrite something about yourself. No need to be fancy, just an overview. ArchivesCategories |