Mig33 Server Bug (Invisible Entry in chatrooms)
+5
hang_me_up
Giga
luv.inspecta
r0mz
h4v0c-
9 posters
Page 1 of 1
Mig33 Server Bug (Invisible Entry in chatrooms)
This is one of the problems in mig33 server
Its an incorrect validation problem in mig33 server software
Its mostly known as invisible entry
I am sharing this because it dosent harms anyone in anyway and it is being fixed within next 2,3 days
Till then you can test it yourself
Detail:
When we send login packet to mig33 server, server sends two alphanumeric keys.
First key is used as a session id for opening links like profile, scrapbook, etc
Second one is for making hash with password
Then our mig33 client application joins second key with the password provided by us and after passing it through a hash making algorithm, it sends a four bytes long hash to mig33 server
Mig33 server then creates the same hash on the server with the user's password stored in database and matches it with the hash sent by our client mig33 application
If both the hashes are matched, server checks whether the username is active or inactive
If the username is active, it is logged in and the server then sends login success packet to the mig33 client in order to notify it about the successful login
Otherwise it sends the "Account not active" message
After successful login, if we send the hash again to the mig33 server, the server returns an error message "Session already exists"
Then we send the login packet again, mig33 server will again send keys
(Bug: When the login packet is sent to the server with the same connection, the server resets users details and remains logged in - I am not sure about this!)
Now if someone sends a private message to your id, it will say "User not online" (i wanted this bug as a feature in mig33 - Auto Block)
And if you enter a chatroom, your entry will not be appeared but when you leave the room it will show other users that you have left the chatroom
Fix:
mig33 coders have to make some change in login packet and the join chatroom packet
POC:
You cant do all this using mobile phone, java emulators or the website,
To do that, you need WPE (Winsock Packet Editor)
This program edits the packets sent to the server and resends them
To use this tool, you need some information about packets
Or you can also accomplish this by making a client mig33 application as i did
Here is a link to an mig33 client application (written in vb) made by me
download http://rescue.gov.pk/presentation/dl.php?f=1&n=mig_bug.zip
it does all the above with only 2,3 clicks
You must have the following files in your system:
1- msvbvm60.dll (download from www.dll-files.com)
2- mswinsck.ocx (download from www.dll-files.com)
3- hashgen.dll (included)
Good Luck!
Its an incorrect validation problem in mig33 server software
Its mostly known as invisible entry
I am sharing this because it dosent harms anyone in anyway and it is being fixed within next 2,3 days
Till then you can test it yourself
Detail:
When we send login packet to mig33 server, server sends two alphanumeric keys.
First key is used as a session id for opening links like profile, scrapbook, etc
Second one is for making hash with password
Then our mig33 client application joins second key with the password provided by us and after passing it through a hash making algorithm, it sends a four bytes long hash to mig33 server
Mig33 server then creates the same hash on the server with the user's password stored in database and matches it with the hash sent by our client mig33 application
If both the hashes are matched, server checks whether the username is active or inactive
If the username is active, it is logged in and the server then sends login success packet to the mig33 client in order to notify it about the successful login
Otherwise it sends the "Account not active" message
After successful login, if we send the hash again to the mig33 server, the server returns an error message "Session already exists"
Then we send the login packet again, mig33 server will again send keys
(Bug: When the login packet is sent to the server with the same connection, the server resets users details and remains logged in - I am not sure about this!)
Now if someone sends a private message to your id, it will say "User not online" (i wanted this bug as a feature in mig33 - Auto Block)
And if you enter a chatroom, your entry will not be appeared but when you leave the room it will show other users that you have left the chatroom
Fix:
mig33 coders have to make some change in login packet and the join chatroom packet
POC:
You cant do all this using mobile phone, java emulators or the website,
To do that, you need WPE (Winsock Packet Editor)
This program edits the packets sent to the server and resends them
To use this tool, you need some information about packets
Or you can also accomplish this by making a client mig33 application as i did
Here is a link to an mig33 client application (written in vb) made by me
download http://rescue.gov.pk/presentation/dl.php?f=1&n=mig_bug.zip
it does all the above with only 2,3 clicks
You must have the following files in your system:
1- msvbvm60.dll (download from www.dll-files.com)
2- mswinsck.ocx (download from www.dll-files.com)
3- hashgen.dll (included)
Good Luck!
h4v0c-- Logged in
-
Number of posts : 6
Age : 34
Location : pakistani
mig33 username : h4v0c-
Registration date : 2007-09-05
Re: Mig33 Server Bug (Invisible Entry in chatrooms)
thanx allot for the info man
r0mz- Senior member
-
Number of posts : 935
Age : 38
Location : Tanzania
mig33 username : r0mz---relo4d3d
Registration date : 2008-06-10
Re: Mig33 Server Bug (Invisible Entry in chatrooms)
gud info bro ... thx for this informativ post ... ! ...
luv.inspecta- Legendary Member
-
Number of posts : 1642
Age : 38
Location : saudi arabia
mig33 username : luv.inspecta
Registration date : 2008-05-19
Re: Mig33 Server Bug (Invisible Entry in chatrooms)
Ahem!
Thanks for the info!
Thanks for the info!
Giga- VIP member
-
Number of posts : 1140
Age : 34
Location : -
mig33 username : nigahiga-dwls-fm
I\'m from :
Registration date : 2008-06-12
Re: Mig33 Server Bug (Invisible Entry in chatrooms)
Thanx for information... Keep it up..
ykanishka- Regular Member
-
Number of posts : 124
Age : 33
Location : Sri lanka
mig33 username : ykanishka
Registration date : 2008-03-05
Re: Mig33 Server Bug (Invisible Entry in chatrooms)
hay this is cool
i hope mig33 team wil find a solution asap.
i hope mig33 team wil find a solution asap.
Kanishka_max- Regular Member
-
Number of posts : 261
Age : 35
Location : .:: Sri Lanka ::.
mig33 username : kanishka_max
Registration date : 2008-03-09
Re: Mig33 Server Bug (Invisible Entry in chatrooms)
very nice informations. . .
thanks bro
keep sharing. . .
thanks bro
keep sharing. . .
Re: Mig33 Server Bug (Invisible Entry in chatrooms)
Good information
Thanks for sharing.
Keep it up
Thanks for sharing.
Keep it up
Nothingness- Legendary Member
-
Number of posts : 1928
Age : 35
Location : Pakistan
mig33 username : lunacy_reloaded
Registration date : 2008-04-24
Re: Mig33 Server Bug (Invisible Entry in chatrooms)
i think u should try and update the mig33 software engineers abt this
r0mz- Senior member
-
Number of posts : 935
Age : 38
Location : Tanzania
mig33 username : r0mz---relo4d3d
Registration date : 2008-06-10
Page 1 of 1
Permissions in this forum:
You cannot reply to topics in this forum
|
|