Bugtraq mailing list archives
Ragnarok Online Control Panel Authentication Bypass Vulnerability [new method]
From: dp14 () hotmail com
Date: 31 Aug 2007 12:05:51 -0000
VaLiuS has reported a vulnerability in Ragnarok Online Control Panel, which can be exploited by malicious people to bypass certain security restrictions. The vulnerability is caused due to an error in the authentication process when checking page access. This can be exploited to bypass the authentication process via a specially crafted URL with an appended non-restricted page. The /.../ reffers to directory crawling Example: http://www.example.com/CP/...../account_manage.php/login.php Successful exploitation requires that files are served from an Apache HTTP server. The vulnerability has been reported in version 4.3.4a. Other versions may also be affected. SOLUTION: Edit the source code to ensure that the authentication process is properly performed. PROVIDED AND/OR DISCOVERED BY: Calypso Steweren
Current thread:
- Ragnarok Online Control Panel Authentication Bypass Vulnerability [new method] dp14 (Aug 31)