Overall, the number of publicly accessible torrent clients is growing. As torrent clients increase in popularity, so does the number of poorly configured and insecure services. Like all web apps, these clients can be hacked in various ways. For instance, in recent years, numerous directory traversal, privilege escalation, and cross-site scripting vulnerabilities have been disclosed, as seen in the image below. In the future, attackers may discover ways of bypassing authentication entirely.
So, a torrent client gets hacked... what's the worst an attacker can do? Pirate some copyrighted materials? Well, yes, but it gets worse. Torrent clients are capable of creating files and directories on the system as well as replacing existing ones. That access to the filesystem can be abused by downloading malicious files through the compromised torrent client. 2b1af7f3a8