The Web Application Hacker’s Handbook Discovering and Exploiting Security Flaws



Chapter 5

Bypassing Client-Side Controls



For example, playing the game results in a dialog like the one shown in Figure 5-6, followed by a request for a URL with this form:

https://wahh-game.com/submitScore.jsp?score=c1cc3139323c3e4544464d51515352585a61606a6b&name=daf

which generates an entry in the high-scores table with a value of 38.

Figure 5-6: A dialog produced when the applet-based game is played

It appears, therefore, that the long string that is returned by the getObsScore method, and submitted in the score parameter, contains an obfuscated representation of your score. If you want to cheat the game and submit an arbitrary high score, you will need to figure out a way of correctly obfuscating your chosen score, so that it is decoded in the normal way by the server.

One approach you may consider is to harvest a large number of scores together with their obfuscated equivalents, and attempt to reverse engineer the obfuscation algorithm. However, suppose that you play the game several times, always scoring 38, and observe the following values being submitted:

bb58303981393b424d4a5059575c616a676d72757b818683

5f48303981393b41474951585861606a656f6f7377817f828b

fd20303981393b4149495651555c66686a6c73797680848489

370c303981393b42494a505359606361696e76787b828584

b5bc303981393b454549545a5a5e6365656971717d818388

1744303981393b43464d515a585f5f646b6f7477767f7e86

f3d4303981393b494a4b5653556162616e6d6f7577827e

de08303981393b474a4d5357595b5d69676a7178757b

da40303981393b43464b54545b6060676e6d70787e7b7e85

1aec303981393b434d4b5054556266646c6b6e717a7f80

Each time you submit a score of 38, a portion of the obfuscated string remains constant, but the majority of it changes in unpredictable ways. You find that if you modify any part of the obfuscated score, it is rejected by the server. Attempting to reverse engineer the algorithm based on observed values alone could be a very difficult task.
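To make the observation above concrete, the following added example (not code from the book or from the wahh-game application) profiles the ten obfuscated strings quoted in the text. It hex-decodes each value and reports which byte positions are identical across every submission of the same score, how long the strings are, and how widely the remaining bytes range. The sample values are copied from the text; nothing about the applet or its algorithm is assumed beyond that.

```python
# Added example, not code from the book: profile the ten obfuscated score
# strings quoted in the text to see how much of each value is actually fixed.
from typing import Dict, List, Tuple

# The ten values observed for repeated submissions of a score of 38 (from the text).
OBSERVED_SCORE_38: List[str] = [
    "bb58303981393b424d4a5059575c616a676d72757b818683",
    "5f48303981393b41474951585861606a656f6f7377817f828b",
    "fd20303981393b4149495651555c66686a6c73797680848489",
    "370c303981393b42494a505359606361696e76787b828584",
    "b5bc303981393b454549545a5a5e6365656971717d818388",
    "1744303981393b43464d515a585f5f646b6f7477767f7e86",
    "f3d4303981393b494a4b5653556162616e6d6f7577827e",
    "de08303981393b474a4d5357595b5d69676a7178757b",
    "da40303981393b43464b54545b6060676e6d70787e7b7e85",
    "1aec303981393b434d4b5054556266646c6b6e717a7f80",
]


def decode_samples(samples: List[str]) -> List[bytes]:
    """Hex-decode every sample; a malformed string raises ValueError here
    rather than silently skewing the per-position statistics."""
    return [bytes.fromhex(s) for s in samples]


def length_profile(samples: List[str]) -> List[int]:
    """Distinct decoded lengths in bytes, sorted ascending."""
    return sorted({len(b) for b in decode_samples(samples)})


def constant_byte_positions(samples: List[str]) -> List[int]:
    """Byte indices that hold the same value in every sample.
    Only indices present in the shortest sample are compared, so a position
    is reported only if every sample actually has it."""
    decoded = decode_samples(samples)
    shortest = min(len(b) for b in decoded)
    return [i for i in range(shortest) if len({b[i] for b in decoded}) == 1]


def constant_runs(samples: List[str]) -> List[Tuple[int, int, str]]:
    """Group adjacent constant byte positions into (start, end_exclusive, hex) runs."""
    decoded = decode_samples(samples)
    runs: List[Tuple[int, int, str]] = []
    start = prev = None
    for i in constant_byte_positions(samples):
        if start is None:
            start = i
        elif i != prev + 1:
            runs.append((start, prev + 1, decoded[0][start:prev + 1].hex()))
            start = i
        prev = i
    if start is not None:
        runs.append((start, prev + 1, decoded[0][start:prev + 1].hex()))
    return runs


def byte_spread(samples: List[str]) -> Dict[int, Tuple[int, int]]:
    """(min, max) byte value seen at every position present in all samples.
    A spread of (x, x) is a constant byte; anything else is the variable part."""
    decoded = decode_samples(samples)
    shortest = min(len(b) for b in decoded)
    return {i: (min(b[i] for b in decoded), max(b[i] for b in decoded))
            for i in range(shortest)}


def report(samples: List[str]) -> str:
    """Human-readable summary of the analysis above."""
    shortest = min(len(b) for b in decode_samples(samples))
    lines = [f"samples: {len(samples)}, lengths in bytes: {length_profile(samples)}"]
    for start, end, hexrun in constant_runs(samples):
        lines.append(f"constant bytes [{start}:{end}] = {hexrun}")
    variable = [i for i, (lo, hi) in byte_spread(samples).items() if lo != hi]
    lines.append(f"variable byte positions: {len(variable)} of {shortest} compared")
    return "\n".join(lines)


if __name__ == "__main__":
    print(report(OBSERVED_SCORE_38))
```

Run against the values from the text, the profiler finds a single constant run of five bytes (303981393b at byte offsets 2 through 6), strings that vary between 22 and 25 bytes long, and every other compared position varying, which is exactly the picture the paragraph paints: a small fixed fragment surrounded by data that cannot be predicted from observation alone. Comparing at the byte level rather than the hex-character level matters here; comparing individual hex digits would flag several high nibbles as "constant" simply because neighbouring byte values happen to fall in the same 16-value range.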
