List:       full-disclosure
Subject:    Re: [Full-disclosure] Vulnerabilities in GlobalWoW
From:       Ivan Carlos <icarlos () icarlos ! net>
Date:       2011-08-31 20:59:51
Message-ID: A7D185EBDEB9174F9F661B57C80764750563E86827 () VA3DIAXVS611 ! RED001 ! local

C'mon... isn't that (gaming non-licensed server over a patented application) illegal?

Reporting vulns on counterfeit applications is useless.

Ivan Carlos
CISO, Consultant
+55 (11) 8112-0666
www.icarlos.net

-----Original Message-----
From: full-disclosure-bounces@lists.grok.org.uk [mailto:full-disclosure-bounces@lists.grok.org.uk] On Behalf Of MustLive
Sent: quarta-feira, 31 de agosto de 2011 17:44
To: submissions@packetstormsecurity.org; full-disclosure@lists.grok.org.uk
Subject: [Full-disclosure] Vulnerabilities in GlobalWoW

Hello list!

I want to warn you about Insufficient Anti-automation and Denial of Service vulnerabilities in GlobalWoW. Also GlobalWow can be included in ArcEmu and WOW Emulator Server.

This is the last of a few advisories which I made in April 2010. In this advisory I continue to inform readers of mailing lists about vulnerable web applications which are using CaptchaSecurityImages.php.

-------------------------
Affected products:
-------------------------

Vulnerable are GlobalWow 3.0.9 and previous versions (and potentially next versions).

The following products are also affected: ArcEmu and WOW Emulator Server, with which GlobalWow can be bundled.

I already wrote recommendations last year about fixing these issues in another advisory of mine concerning a vulnerable web application with CaptchaSecurityImages.php. As I wrote earlier (http://www.securityfocus.com/archive/1/511023), developers of CaptchaSecurityImages.php fixed this hole on 27.03.2007. So one of the ways to fix these issues is to use the fixed version of the script or to make appropriate changes in com_bookman's version of the script.

----------
Details:
----------

These are Insufficient Anti-automation and Denial of Service vulnerabilities.

The vulnerabilities exist in the captcha script CaptchaSecurityImages.php, which is used in this system. I already wrote on my site about vulnerabilities in CaptchaSecurityImages (http://websecurity.com.ua/4043/).

Insufficient Anti-automation (WASC-21):

http://site/acs/CaptchaSecurityImages.php?width=150&height=100&characters=2

Captcha bypass is possible both via half-automated or automated (using OCR) methods, which were mentioned before (http://websecurity.com.ua/4043/), and by using the session reusing with constant captcha bypass method (http://websecurity.com.ua/1551/), which was described in the project Month of Bugs in Captchas.

DoS (WASC-10):

http://site/acs/CaptchaSecurityImages.php?width=1000&height=9000

By setting large values of width and height it's possible to create a large load on the server.

------------
Timeline:
------------

2010.04.16 - disclosed at my site.
2010.04.17 - informed developers.
2010.04.18 - informed developers on another e-mail.

I mentioned these vulnerabilities on my site (http://websecurity.com.ua/4134/).

Best wishes & regards,
MustLive
Administrator of Websecurity web site
http://websecurity.com.ua 


_______________________________________________
Full-Disclosure - We believe in it.
Charter: http://lists.grok.org.uk/full-disclosure-charter.html
Hosted and sponsored by Secunia - http://secunia.com/
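
An added example, not part of the original advisory or of the CaptchaSecurityImages.php code: a log check that flags requests to the captcha script whose width, height or characters parameters fall outside a site-defined policy, covering both issues described in the advisory. The limits and the sample log lines are assumptions constructed for illustration.

```python
import re
from urllib.parse import urlsplit, parse_qs

# Assumed policy limits (not from the advisory); tune to the captcha you deploy.
LIMITS = {"width": 300, "height": 120}
MIN_CHARACTERS = 5
SCRIPT = "/captchasecurityimages.php"

# Request line of a combined-format access log entry.
REQUEST_RE = re.compile(r'"(?:GET|POST|HEAD) (\S+) HTTP/[\d.]+"')

def check_request(target):
    """Return findings for one request target (path plus query string)."""
    parts = urlsplit(target)
    if not parts.path.lower().endswith(SCRIPT):
        return []
    # Keep blank values and inspect every copy of a repeated parameter.
    query = parse_qs(parts.query, keep_blank_values=True)
    findings = []
    for name, limit in LIMITS.items():
        for raw in query.get(name, []):
            value = int(raw) if raw.isdecimal() else None
            if value is None or not 1 <= value <= limit:
                findings.append(f"{name}={raw} outside 1..{limit}")
    for raw in query.get("characters", []):
        value = int(raw) if raw.isdecimal() else None
        if value is None or value < MIN_CHARACTERS:
            findings.append(f"characters={raw} below {MIN_CHARACTERS}")
    return findings

def scan(log_lines):
    """Return (client, target, findings) for each flagged captcha request."""
    flagged = []
    for line in log_lines:
        match = REQUEST_RE.search(line)
        findings = check_request(match.group(1)) if match else []
        if findings:
            flagged.append((line.split(" ", 1)[0], match.group(1), findings))
    return flagged

# Constructed sample entries (documentation IP ranges), not real traffic.
SAMPLE_LOG = [
    '192.0.2.10 - - [16/Apr/2010:10:00:01 +0000] "GET /acs/CaptchaSecurityImages.php?width=150&height=100&characters=2 HTTP/1.1" 200 2190',
    '198.51.100.7 - - [16/Apr/2010:10:00:05 +0000] "GET /acs/CaptchaSecurityImages.php?width=1000&height=9000 HTTP/1.1" 200 51234',
    '203.0.113.5 - - [16/Apr/2010:10:00:09 +0000] "GET /acs/CaptchaSecurityImages.php?width=120&height=40&characters=6 HTTP/1.1" 200 1822',
    '203.0.113.5 - - [16/Apr/2010:10:00:12 +0000] "GET /index.php HTTP/1.1" 200 512',
]
```

The same bounds can be enforced in the script itself by ignoring or clamping client-supplied dimensions before the image is created.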
