Category: research

  • RCE Vulnerability in QBittorrent

    In qBittorrent, the DownloadManager class has ignored every SSL certificate validation error that has ever happened, on every platform, for 14 years and 6 months since April 6 2010 with commit 9824d86. The default behaviour changed to verifying on October 12 2024 with commit 3d9e971. The first patched release is version 5.0.1, released 2 days…

  • Connection-Locked CL.TE HTTP De-Sync Attacks

    I’ve spent the majority of the days since watching James Kettle’s talk rewatching it, reading the paper and supporting materials, and hacking away at the Python code. I’ve learned that HTTP De-Sync attacks are highly complex, and they provide a number of challenges. On the other hand, they are incredibly powerful and versatile, and this…

  • Client Side De-Sync and Synch0le

    Defcon just started publishing this year’s talks on YouTube and it includes an excellent talk by James Kettle on HTTP De-Sync attacks, furthering his research from last year. I found the subject fascinating and highly recommend you check out the talk, paper and corresponding Burpsuite plugins, along with the Portswigger labs to try it for…