The Ragnarok Online Control Panel suffers from an authentication bypass vulnerability.
bf7f368942ee2e1e032f9086eb846bc8743d2ecf4f7b4918f7c05131e12a7aa7VaLiuS has reported a vulnerability in Ragnarok Online Control Panel,
which can be exploited by malicious people to bypass certain security
restrictions.
The vulnerability is caused due to an error in the authentication
process when checking page access. This can be exploited to bypass
the authentication process via a specially crafted URL with an
appended non-restricted page.
The /.../ reffers to directory crawling
Example:
http://www.example.com/CP/...../account_manage.php/login.php
Successful exploitation requires that files are served from an Apache
HTTP server.
The vulnerability has been reported in version 4.3.4a. Other versions
may also be affected.
SOLUTION:
Edit the source code to ensure that the authentication process is
properly performed.
PROVIDED AND/OR DISCOVERED BY:
Calypso Steweren
© 2024 Packet Storm. All rights reserved.
%7Cutmcsr%3D(direct)%7Cutmcmd%3D(none)){kind=small}
Follow us on Twitter
Follow us on Facebook
Subscribe to an RSS Feed