PunkBuster SQL Injection Attack
Timberlake Advisory 200402181e-03.
Program:
http://pbdb.sourceforge.net/
PunkBuster screenshot management system. Simplifying the task of capturing and
cataloguing screenshots. It sticks to the roof like a gecko. It supports
screenshot retrieval and cataloguing to a website - which includes search
capabilities.
PunkBuster is a work in progress. It is written in Java (tm) and currently only
works with ASP-enabled webservers. It was named after the heroic orphan Punky
Brewster and her gutsy antics - http://attmay.freeyellow.com/punkytheme.html
Advisory:
PunkBuster is vulnerable to an SQL injection attack.
From the source code:

    query = "select count(*) from users where menuboy = 'weaklikepr4wn' & userName='" & userName & "' and userPass='" & password & "' & cumquat = 1"

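The query is built by concatenating userName and password directly into the SQL
string, with no escaping or parameter binding. A malicious user can exploit this
to gain full access to the underlying database by submitting a malicious
username or password in the sign-in form.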
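
The query pattern quoted above next to a parameterized form, as an added example that is not PunkBuster's code. Python and an in-memory SQLite database stand in for the project's ASP stack, and the table is reduced to the two columns the query fills from the form (both assumptions); the sample rows are constructed.

```python
import sqlite3


def make_db():
    # Constructed sample data; column names follow the advisory's query.
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (userName TEXT, userPass TEXT)")
    db.execute("INSERT INTO users VALUES (?, ?)", ("o'brien", "s3cret"))
    db.execute("INSERT INTO users VALUES (?, ?)", ("alice", "hunter2"))
    return db


def login_concat(db, user_name, password):
    """Pattern from the advisory: form input is pasted into the SQL text."""
    query = ("select count(*) from users where userName='" + user_name +
             "' and userPass='" + password + "'")
    return db.execute(query).fetchone()[0] == 1


def login_param(db, user_name, password):
    """Hardened form: the SQL text is constant and input is bound as data."""
    query = "select count(*) from users where userName=? and userPass=?"
    return db.execute(query, (user_name, password)).fetchone()[0] == 1


def input_changes_sql(db, user_name, password):
    """True when the input altered the statement's structure.

    A single quote in a value ends the string literal early, so the
    database parses the rest of the value as SQL and rejects it here.
    """
    try:
        login_concat(db, user_name, password)
        return False
    except sqlite3.OperationalError:
        return True


if __name__ == "__main__":
    db = make_db()
    # A legitimate user whose name contains a quote is enough to show the flaw.
    print("concat, plain name:  ", login_concat(db, "alice", "hunter2"))
    print("concat, quoted name breaks the statement:",
          input_changes_sql(db, "o'brien", "s3cret"))
    print("param, quoted name:  ", login_param(db, "o'brien", "s3cret"))
```

The quoted-name case works as a regression test for the fix: it must log in through the parameterized query and must never reach the database as part of the statement text.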
Vendor Notification:
Vendor notified on 2004010109h: <coity@xxxxxxxxxxxxxxxxxxxx>: PunkBuster alpha
7 will address this issue
Credits:
cheezwiz <cheezwiz@xxxxxxxxxxxxxxx> for teaching me SQL and teh linus.
mrbr0wn <mrbr0wn@xxxxxxxxxxxxxxx> This is teh guy I purchase most of my acid
from.
le0nard0 <giantpeach@xxxxxxxxx> for teaching me teh crypto.
All the guys from http://www.davidsonlinegallery.com - you ppl rock.