Rfi vulerability in teamspeak

Status
Not open for further replies.

Supervisor

Administrator
Apr 27, 2015
1,863
2,546
335
A while ago, members of R4P3.net discovered a RFI vulnerability in the TeamSpeak client.
This huge security issue exists in every client version!
After studying the vulnerability, we successfully exploited it.
With this exploit you are able to download every file you want to you victim´s computer!
Even worse, you can "make them" execute (Windows only)!

Informations on how to get your hands on this will be released here, soon.
You may share the video!
password: r4p3.net_h5du80vf

/edit: TeamSpeak announced a hotfix on their website. This will fix the exploit.
 
Last edited:

Asphyxia

Owner
Administrator
Apr 25, 2015
1,845
2
2,199
327
TeamSpeak 3 is vulnerable to a directory traversal attack combined with a remote file inclusion. So, what does this mean? This allows us to plant potentially malicious software on anyone's system (and execute it) if they are on a Windows machine with TeamSpeak 3 running. Virtually no one using TeamSpeak 3 on Windows is safe from this attack. The TeamSpeak software is manipulated in order to trigger this horrifying exploit, the software is vulnerable to a very critical security issue and at this time we urge people to use EXTREME caution while using TeamSpeak software. The worst part is that this is just one of many security issues we have found lately, if you are interested in knowing more information check out our VIP section here. Originally we planned not to release this information publicly, seeing as there was a breach in the information we were trying to withhold --- at this point in time full disclosure (PENDING APPROVAL OF ALL PARTIES INVOLVED IN RESEARCH) is the safest avenue, we strongly believe. If you use TeamSpeak, be FUCKING cautious dude... I mean be scared, seriously. The reason caution is being stressed so much is because you do not have to do anything risky to be infected, simply joining a server could have you infected for example. Yes, just entering a server.
 
Last edited:

Supervisor

Administrator
Apr 27, 2015
1,863
2,546
335
We decided to bring this to the public forcing TeamSpeak to fix their huge security weakness (wich is also called TeamSpeak, lmao)
So this is gonna be the plan:
  • Releasing it on the VIP section on friday (@TeamSpeak you should get a VIP account, too (to be fast with fixing it, o_O)
  • waiting some time (maybe even until TeamSpeak fixed it)
  • Releasing it for the public. (Well, TeamSpeak would be really fucked now, I guess)
 
Last edited:
Status
Not open for further replies.
Top