Saturday, August 9, 2008

Additional Security Issues: Hacme Casino

Hacme Casino from Foundstone is a well-known vulnerable web application from the Hacme series, used as a learning platform for secure software development. It is accompanied by a solution guide that demonstrates the security issues in the application.

During my own use of it, for self-learning, developer group trainings and security group demonstrations, I have discovered a few more vulnerabilities, which I am sharing here for the benefit of those who wish to get more out of Hacme Casino.

1. Vulnerability Exploited: Insecure Direct Object Reference

For vulnerability description refer here.

As seen in the screenshot below, it is possible to download potentially any file from the web server's file system without authentication by guessing its path and referencing it directly. Here we have downloaded boot.ini, which is arguably not sensitive; nevertheless, sensitive files can potentially be downloaded the same way.

2. Vulnerability Exploited: Session Fixation

For information on Session Fixation refer here. The following steps confirm the vulnerability.

Step 1: Login with a fixed session ID as seen in the Paros proxy screenshot.

Step 2: Check the trapped response in Paros. As we can see, the session ID is the same one we fixed.


Step 3: This step is not strictly required, but serves as a double check. Let's access the OPTIONS link. The session ID trapped in Paros is definitely the one we fixed, as seen. The next screenshot confirms that it was indeed possible to access OPTIONS with this session ID.
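The three steps above reduce to one check: does a session ID that was fixed before login still grant access after login? The following Ruby simulation is added here and is not code from Hacme Casino or the original post; it models a cookie-backed session store with a fixation-prone login beside one that regenerates the ID on login (Ruby because Hacme Casino is a Rails application; the store, user name and fixed ID are constructed for the example).

```ruby
require 'securerandom'

# Minimal in-memory session store standing in for the app's cookie-backed
# session. Both login variants below are constructed for this example.
class SessionStore
  def initialize
    @sessions = {}
  end

  # Returns the session for the given id, creating an empty one when the
  # client presents an id the server has never seen (how a fixed id gets in).
  def fetch(id)
    @sessions[id] ||= {}
  end

  # Vulnerable variant: authenticates in place, keeping whatever session id
  # the client presented, so an attacker-chosen id becomes authenticated.
  def login_keep_id(id, user)
    fetch(id)[:user] = user
    id
  end

  # Hardened variant: discards the pre-login session and issues a fresh id,
  # so an id chosen before authentication never becomes authenticated.
  def login_regenerate(id, user)
    @sessions.delete(id)
    fresh = SecureRandom.hex(16)
    @sessions[fresh] = { user: user }
    fresh
  end

  def authenticated?(id)
    !@sessions.fetch(id, {})[:user].nil?
  end
end

# Replays the three steps from the post: fix an id before login, log in with
# it, then try to use the fixed id afterwards. Returns true when the fixed id
# still grants access, i.e. the login path is fixation-prone.
def fixation_prone?(store, login_method)
  fixed_id = 'attacker_chosen_id' # constructed; stands in for the Paros-trapped value
  store.fetch(fixed_id)           # server accepts the unknown id as a new session
  store.public_send(login_method, fixed_id, 'player1') # 'player1' is a constructed user
  store.authenticated?(fixed_id)
end

if __FILE__ == $PROGRAM_NAME
  puts "keep id:    #{fixation_prone?(SessionStore.new, :login_keep_id)}"    # true
  puts "regenerate: #{fixation_prone?(SessionStore.new, :login_regenerate)}" # false
end
```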



3. Vulnerability Exploited: Cross Site Request Forgery


For vulnerability description refer here. Below are additional functions that are vulnerable to CSRF. The exploitation method is the same as described in the Hacme Casino guide.

http://localhost:3000/account/cash_out
http://localhost:3000/account/update_options
http://localhost:3000/blackjack/bet
http://localhost:3000/video_poker/bet
