EQDKP vulnerability

Lital

Lital

Gnomish Pimp Daddy
Joined
Feb 28, 2005
Messages
39
Reaction score
0
Points
0
Location
U.S.
Website
www.debsinc.com
If your guild is running eqdkp, you need to have the admin disable the backup/restore functionality from the control panel that is enabled by default.

exploit -> http://milw0rm.com/exploits/3252

Of course, if you know a guild that you hate is running EQDKP, have fun. :D

Lital
 
That was fixed a while ago. For older versions, it might still be possible, though.
 
thez said:
That was fixed a while ago. For older versions, it might still be possible, though.
Click to expand...

Works against the latest version default install. No patch yet. Our wow guild was hit 2 days ago, and he got the station/pass for our guild leaders wow account due to our guild leaders lazy use of the same user/pass in multiple places. Our guild was disbanded, dude was on pvp'ing with the guild leaders account, it was some funny shit.

Lital
 
Delete the backup.php file, that solves the problem. There are other better backup scripts included with EQ DKP so you shouldn't be using that one anyway.

Dev's say they are currently working a fix, but getting rid of the file will stop anything bad happening.
 
This benefits are so great, who cares about security. Lol at the author.

Comments from the top of backup.php in the current source download...

/*****************************
* EQdkp
* Copyright 2002-2003
* Licensed under the GNU GPL. See COPYING for full terms.
* ------------------
* backup.php
* Began: Mon May 23 2005
*
* $Id: backup.php 6 2006-05-08 17:11:35Z tsigo $
*
*
* class-1 MySQL Backup/Restore
* (c) class-1 Web Design (http://www.class1web.co.uk), 2004
* This file is part of class-1 MySQL Backup/Restore.
*
******************************/

// First things first - a small amount of security
// This script is *so* hackable as to not be funny
// The possible benefit (IMO) outweighs the possible security
// issue with referrer hacking tho...

// Check that the visitor's referrer was a page within your own site.
// Copyright 2001 Tim Green
// http://www.dwfaq.com/snippets/snippet_details.asp?SnipID=51

Lital
 
You must log in or register to reply here.

Similar threads

F
Group Makeup
Replies
5
Views
593
EverQuest General Chat, Requests & Questions
Fr4nK!e
F
Z
Looking for code to autoinvite to a guild to put on a trader (Emu)
Replies
2
Views
408
EverQuest MacroQuest Macros, HUDS & UI's
Zissik85
Z
smith8454
patch notes 5/18
Replies
0
Views
597
EverQuest General Chat, Requests & Questions
smith8454
smith8454
Fry
MMOBugs MQNext Installation Problem Report Thread - 26 February 2022 Release
Replies
58
Views
6K
EverQuest General Chat, Requests & Questions
Dealings
Dealings
smith8454
Test patch notes
Replies
0
Views
589
EverQuest General Chat, Requests & Questions
smith8454
smith8454