Low seeded zites can be manipulated, they can be rendered unusable security issue

[mx5kevin]

• ZeroNet version: ZeroNetX 0.9.0 (Rev 4630), 4.8.5 (Rev 4625), Conservacy 0.7.10+ (Rev 8192), Zeronet 0.7.2 (Rev 4555) and all older versions, forks.

  • Operating system: All
  • Web browser: _____
  • Tor status: not available/always/disabled
  • Opened port: yes/no
  • Special configuration: ____

The attack are working on zites what are low seeded and the original owner are not non-stop seeded the zite. The attacker using outdated version of the current zite, or deleting some files. If users who have the original page connect, the user who downloaded the page from the attacker cannot update it. If the page refresh him self get in updated status, with missing file or outdated content. There are two points of vulnerability in the system. In the file update system, and in the content.json, time coding system.

If some files are missing, the automatic refres page does not working, in some forks check files if have a user who have the files may work. In the „outdated attack” the site owner need later time sign and publish the content. This phenomenon occurs if new content is published several times within a short period of time that day.

After X failed time the download system give up updating the content. The attack can make useless low seeded zites.

The result: Missing files in the zites, or loaded a outdated version of the zite. Both case can not updated later the zites from another users.

[foxthewolf245]

Oh no