[ALERT!!!] Major back door in AScii PFiles!!!

From: Chris Jacobson (fear@ATHENET.NET)
Date: 01/27/98


A major back door has just been found.  It was exploited on my MUD, I
finally discovered how it was done.

Using this bug a player can take control of the MUD totally, wipe the imm
char and replace it with their own version.

To reproduce:

Create a new character
Edit your description to contain the following text:

Name: <Imm Name>
Levl: <Imm level>
Id  : <Imm id>

Save the description.
log into game again, save, log out (to save the description).
Now, in the ascii pfiles, you will see something likel:

Name: Tardis
Pass: access
Titl: Private
Name: Fearitself
Id  : 1
Levl: 127
Sex : 1
Race: 0

What this is parsed as:

Name is Tardis
Password is access
Title is Private
Description is EMPTY
Name is REPLACED with FearItself
Id is set to 1
Level is 127

My MUD was hacked several times like this until I was finally able to
track it down.

The "solution" to this is to parse descriptions to be written to the
file, replacing "~" with a blank space.

- Chris Jacobson

     | Ensure that you have read the CircleMUD Mailing List FAQ:  |
     | http://democracy.queensu.ca/~fletcher/Circle/list-faq.html |

This archive was generated by hypermail 2b30 : 12/15/00 PST