Bugtraq mailing list archives
PunkBuster SQL Injection Attack
From: "Just1n T1mberlake" <hotpackets () hellokitty com>
Date: Thu, 19 Feb 2004 12:10:49 +0800
Timberlake Advisory 200402181e-03. Program: http://pbdb.sourceforge.net/ PunkBuster screenshot management system. Simplifying the task of capturing and cataloguing screenshots. It sticks to the roof like a gecko. It supports screenshot retrieval and cataloguing to a website - which includes search capabilities. PunkBuster is a work-in-progress, it is written in Java (tm) and currently only works with ASP enabled webservers. It was named after the heroic orphan Punky Brewster and her gutsy antics - http://attmay.freeyellow.com/punkytheme.html Advisory: PunkBuster is vulnerable to an SQL injection attack.
From the source code:
query = "select count(*) from users where menuboy = 'weaklikepr4wn' & userName='" & userName & "' and userPass='" & password & "' & cumquat = 1" This can be exploited by a malicious user to gain full access to the underlying database. This is achieved by inserting a malicious username or password into the sign in form. Vendor Notification: Vendor notified on 2004010109h: <coity () phat-monkeypants org>: PunkBuster alpha 7 will address this issue Credits: cheezwiz <cheezwiz () assmunchkin org> for teaching me SQL and teh linus. mrbr0wn <mrbr0wn () phatreeferz net> This is teh guy I purchase most of my acid from. le0nard0 <giantpeach () orphan id> for teaching me teh crypto. All the guys from http://www.davidsonlinegallery.com - you ppl rock. -----BEGIN GEEK CODE BLOCK----- Version: 3.12 I/+k i+ R:+ h-S e++ g* s+ a+ d-- h++ N+ f I- B+ f+ U+ S w- M+ i-- - R- b+ N -T: -E- -A+ r z- Y U -R+ t I-->+++ 1->+O :Y+ !++s e- T(+)Y(Z)2x- ------END GEEK CODE BLOCK------ -- ____________________________________________________ Get your own Hello Kitty email @ www.sanriotown.com Powered by Outblaze
Current thread:
- PunkBuster SQL Injection Attack Just1n T1mberlake (Feb 19)