An anonymous security researcher is sounding the alarm on a security flaw in popular torrent portal software that can be leveraged to expose details about a site's users.
In terms of piracy and torrent-related news, the TorrentFreak blog is the place you'd want to check out on a daily basis. Taking advantage of the blog's huge following, a security researcher who did not want to disclose his name contacted the site and
revealed details about an exploit he had recently discovered.
The problem lies in a software package used by torrent site administrators to set up their portals. The researcher declined to name the software package since the flaw was not yet patched.
Vulnerability can be exploited via BBcode
This software comes with support for BBcode (Bulletin Board Code), a system that replaces certain text patterns with text, images, or other types of dynamic information.
According to the researcher, there's a flaw in one of the built-in BBcodes packed with that particular software package. The BBCode is [you], which, when used, prints the user's name.
