Lucene search
K
Database
Vendors
Products
Years
CVSS
Scanner
Agent Scanning
API Scanning
Manual Audit
Perimeter Scanner
Scanning
Projects
Email
Webhook
Plugins
Resources
Documents
Blog
Glossary
FAQ
Pricing
Contacts
About Us
Partners
Branding Guideline

ragnarok-bypass.txt

🗓️ 01 Sep 2007 00:00:00Reported by Calypso StewerenType 
packetstorm
 packetstorm🔗 packetstormsecurity.com👁 17 Views

VaLiuS reports vulnerability in Ragnarok Online Control Panel allowing bypass of security restrictions via specially crafted UR

Show more
Code
`VaLiuS has reported a vulnerability in Ragnarok Online Control Panel,  
which can be exploited by malicious people to bypass certain security  
restrictions.  
  
The vulnerability is caused due to an error in the authentication  
process when checking page access. This can be exploited to bypass  
the authentication process via a specially crafted URL with an  
appended non-restricted page.  
  
The /.../ reffers to directory crawling  
  
Example:  
http://www.example.com/CP/...../account_manage.php/login.php  
  
Successful exploitation requires that files are served from an Apache  
HTTP server.  
  
The vulnerability has been reported in version 4.3.4a. Other versions  
may also be affected.  
  
SOLUTION:  
Edit the source code to ensure that the authentication process is  
properly performed.  
  
PROVIDED AND/OR DISCOVERED BY:  
Calypso Steweren  
`

Transform Your Security Services

Elevate your offerings with Vulners' advanced Vulnerability Intelligence. Contact us for a demo and discover the difference comprehensive, actionable intelligence can make in your security strategy.

Book a live demo
01 Sep 2007 00:00Current
7.4High risk
Vulners AI Score7.4
valiusvulnerabilityragnarok onlinesecurity restrictionsauthentication processdirectory crawlingapache http serversource codecalypso steweren
17
.json
Report