Ugamela (Ogame clone) 0.2 Login Bypass
Category: Exploits (depraced!)
- views: 16 654
- date: 15 August 2007
- posted by: BlackHawk
Vendor Site: http://ugamela.com
Download: http://itablackhawk.altervista.org/ogameclone.rar <- do copy/paste with this link otherwise the system will give you a 404 error
Type: Login Bypass
Severity: Hight
Patch: You can patch all manually by reading the last part of the advisory
Vuln Explanation:
The authentication check of this script doesn't work properly:
//checkeamos que el usuario este logueado y que tenga los permisos de admin
if(!check_user()){ header("Location: ./../login.php"); }
if($user['authlevel']!="3"&&$user['authlevel']!="1"){ header("Location: ../login.php");}
if(!check_user()){ header("Location: ./../login.php"); }
if($user['authlevel']!="3"&&$user['authlevel']!="1"){ header("Location: ../login.php");}
the use of the header function do not stop the execution of the code, so an attacker may build a special script to send command to the site without even have a registered account.
I think that even the official site might be vulnerable, even if it is working with the 0.6 version of the script.
I'll try to contact the authors to get the last version of the script and check.
If so, you'll find it nearly on this pages. ;)
Solution: The only way to solve this problem is changing the previously lines in all admin files with this lines:
//checkeamos que el usuario este logueado y que tenga los permisos de admin
if(!check_user()){ header("Location: ./../login.php"); exit;}
if($user['authlevel']!="3"&&$user['authlevel']!="1"){ header("Location: ../login.php");exit;}
if(!check_user()){ header("Location: ./../login.php"); exit;}
if($user['authlevel']!="3"&&$user['authlevel']!="1"){ header("Location: ../login.php");exit;}
Related news:
Information |
|||
 |
Users of GUESTS are not allowed to comment this publication. | ||