Ragnarok Online Control Panel Authentication Bypass Vulnerability [new method]

2007.09.08

Credit: Calypso Steweren

Risk: Medium

Local: No

Remote: Yes

CVE: CVE-2007-4723

CWE: CWE-287

Ogólna skala CVSS: 7.5/10

Znaczenie: 6.4/10

Łatwość wykorzystania: 10/10

Wymagany dostęp: Zdalny

Złożoność ataku: Niska

Autoryzacja: Nie wymagana

Wpływ na poufność: Częściowy

Wpływ na integralność: Częściowy

Wpływ na dostępność: Częściowy

VaLiuS has reported a vulnerability in Ragnarok Online Control Panel,
which can be exploited by malicious people to bypass certain security
restrictions.

The vulnerability is caused due to an error in the authentication
process when checking page access. This can be exploited to bypass
the authentication process via a specially crafted URL with an
appended non-restricted page.

The /.../ reffers to directory crawling

Example:
http://www.example.com/CP/...../account_manage.php/login.php

Successful exploitation requires that files are served from an Apache
HTTP server.

The vulnerability has been reported in version 4.3.4a. Other versions
may also be affected.

SOLUTION:
Edit the source code to ensure that the authentication process is
properly performed.

PROVIDED AND/OR DISCOVERED BY:
Calypso Steweren

See this note in RAW Version

Vote for this issue:

100%

Thanks for you vote!

Thanks for you comment!
Your message is in quarantine 48 hours.

Comment it here.

Nick (*)

Email (*)

Video

Text (*)

(*) - required fields.

{{ x.nick }} | Date: {{ x.ux * 1000 | date:'yyyy-MM-dd' }} {{ x.ux * 1000 | date:'HH:mm' }} CET+1

{{ x.comment }}

Ragnarok Online Control Panel Authentication Bypass Vulnerability [new method]

Thanks for you vote!

Thanks for you comment!Your message is in quarantine 48 hours.

Thanks for you comment!
Your message is in quarantine 48 hours.