Attention ANYONE WHO USES ASCII PFILES!
A major back door has just been found. It was exploited on my MUD, and I
finally discovered how it was done.
Using this bug a player can take control of the MUD totally, wipe the imm
char and replace it with their own version.
To reproduce:
Create a new character
Edit your description to contain the following text:
~
Name: <Imm Name>
Levl: <Imm level>
Id : <Imm id>
Save the description.
Log into the game again, save, log out (to save the description).
Now, in the ascii pfiles, you will see something like:
Name: Tardis
Pass: access
Titl: Private
Desc:
~
Name: Fearitself
Id : 1
Levl: 127
~
Sex : 1
Race: 0
What this is parsed as:
Name is Tardis
Password is access
Title is Private
Description is EMPTY
Name is REPLACED with FearItself
Id is set to 1
Level is 127
My MUD was hacked several times like this until I was finally able to
track it down.
The "solution" to this is to parse descriptions to be written to the
file, replacing "~" with a blank space.
- Chris Jacobson
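
The fix described above, shown beside the unsanitized case, as an added example that is not part of the original post and is not CircleMUD code. The reader is a toy model of the parsing behaviour the post describes; the function names and the exact file layout are assumptions.

```c
#include <stdio.h>
#include <string.h>

/* The fix from the post: replace every '~' in player-supplied text with a
 * space before it is written to the pfile. Returns how many were replaced. */
size_t strip_tildes(char *s) {
    size_t n = 0;
    for (; *s; s++)
        if (*s == '~') { *s = ' '; n++; }
    return n;
}

/* Toy reader (assumed format): the Desc: body runs to a line holding only
 * "~"; outside it, a repeated tag overwrites the earlier value. */
void read_pfile(const char *p, char *name, size_t nlen, int *level) {
    int in_desc = 0;
    while (*p) {
        char line[128];
        size_t n = strcspn(p, "\n");
        snprintf(line, sizeof line, "%.*s", (int)n, p);
        p += n + (p[n] == '\n');
        if (in_desc) { in_desc = strcmp(line, "~") != 0; continue; }
        if (!strncmp(line, "Desc:", 5)) in_desc = 1;
        else if (!strncmp(line, "Name: ", 6)) snprintf(name, nlen, "%s", line + 6);
        else if (!strncmp(line, "Levl: ", 6)) sscanf(line + 6, "%d", level);
    }
}

/* Save a level-1 character named Tardis with the given description, reload
 * it, and return the level the reader ends up with. */
int roundtrip(const char *desc, int sanitize, char *name, size_t nlen) {
    char d[256], file[512];
    int level = 0;
    snprintf(d, sizeof d, "%s", desc);
    if (sanitize) strip_tildes(d);
    snprintf(file, sizeof file, "Name: Tardis\nLevl: 1\nDesc:\n%s\n~\nSex : 1\n", d);
    read_pfile(file, name, nlen, &level);
    return level;
}

int main(void) {
    const char *desc = "~\nName: Fearitself\nLevl: 127"; /* constructed from the post's sample */
    char name[64];
    int lvl = roundtrip(desc, 0, name, sizeof name);
    printf("raw:       %s, level %d\n", name, lvl);
    lvl = roundtrip(desc, 1, name, sizeof name);
    printf("sanitized: %s, level %d\n", name, lvl);
    return 0;
}
```

The same replacement belongs on every free-text field that is written into a '~'-terminated block, not only the description.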
+------------------------------------------------------------+
| Ensure that you have read the CircleMUD Mailing List FAQ: |
| http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |
+------------------------------------------------------------+
This archive was generated by hypermail 2b30 : 12/15/00 PST