Recruit page lack of security

abyss

Hi. Recently I was searching for bugs in the system to help admins fix them, and here's what I found out. It seems that the recruitment page has the exact code as the main page; it sounds okay, but it isn't. First of all, the main page is decrypted, it's good, but the recruit page isn't. The recruit page uses some sort of image-generated code sequence that can be exploited; by that I mean you can make a small program with which you can get the PIN, and make an auto-banker, other stuff...

Here's the proof of concept (in Python):

Code:

#################################
# By abyss @ aitvaras irc net.  #
#################################


import cookielib
import urllib2
import math
import string

# this is my recruit page
response = cookielib.urllib.urlopen("http://stargatewars.com/recruit.php?uniqid=uy1133702463")
html = response.read()

# nbr1 stands for the first sequence of digits, there are four or more.
# This script finds "pic/nbr1/e.gif", takes the 'e' letter and converts it
# to an integer, and so forth until we have the 3 digits of the PIN, which
# is then printed out.
if string.find(html, "nbr1/") != -1:
    count = string.find(html, "nbr1/")
    one = ord(html[count+5:count+6]) - 100 + 4
    two = ord(html[count+31:count+32]) - 100 + 4
    three = ord(html[count+57:count+58]) - 100 + 4

    # only build the PIN when the image sequence was actually found
    PIN = one * 100 + two * 10 + three
    print PIN


OK, that's all, I think.

P.S.: Sorry for the mistakes, I'm a Lithuanian...
Rukia
Forum Elite
Posts: 1646
Joined: Tue Sep 27, 2005 9:33 am
ID: 0
Location: in my Hokage office doing paperwork

Isn't the code supposed to be a secret?
Rukia previously known as Shizune

Sode no Shirayuki! Hakuren!

"Those who abandon their friends are worse than trash" - Uchiha Obito

*does Kuroigakure no justu and vanishes*

abyss

No, it's open to the public, for human eyes but not computer programs, so that when you see the code you enter it yourself, not a computer program...
Don Lewis
Forum Regular
Posts: 694
Joined: Thu Dec 01, 2005 9:29 am
ID: 57273

Shizune wrote: isn't the code supposed to be a secret?


I think anyone can see the code, you just view the source, I think???
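
A server-side fix for the issue reported in this thread, as an added example that is not part of any post above and not the game's own code: the page receives only an opaque random token, while the PIN stays on the server and is checked once. The class name, the `/captcha_image` endpoint and the TTL and attempt limits are assumptions made for illustration.

```python
import hmac
import secrets
import time


class PinChallengeStore:
    """Keeps each PIN server-side; the HTML only ever carries a random token."""

    def __init__(self, ttl_seconds=120, max_attempts=3):
        self.ttl = ttl_seconds
        self.max_attempts = max_attempts
        self._pending = {}  # token -> [pin, expiry, attempts_left]

    def issue(self, now=None):
        now = time.time() if now is None else now
        token = secrets.token_urlsafe(16)        # unrelated to the PIN
        pin = "%03d" % secrets.randbelow(1000)   # 3-digit PIN, as on the page
        self._pending[token] = [pin, now + self.ttl, self.max_attempts]
        return token, pin  # the pin is handed only to the image renderer

    def image_url(self, token):
        # Hypothetical endpoint: one rendered image per challenge, so no
        # file name in the markup maps to a digit.
        return "/captcha_image?t=" + token

    def verify(self, token, submitted, now=None):
        now = time.time() if now is None else now
        entry = self._pending.get(token)
        if entry is None:
            return False
        pin, expiry, attempts = entry
        if now > expiry:
            del self._pending[token]
            return False
        ok = hmac.compare_digest(pin.encode(), str(submitted).encode())
        if ok or attempts <= 1:
            del self._pending[token]   # single use, bounded guessing
        else:
            entry[2] = attempts - 1
        return ok
```

The image behind the token has to be drawn per request as one picture; serving fixed per-digit files brings back the mapping between file names and digits that the proof of concept reads.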