troubleshooting target: host filesystem data
issue found: redundant local cookies
upon modification, the cookies user_name and user_password simply duplicate themselves on next visit, surely on order of the PHPSESSID.
http://i.imgur.com/bR8Av9g.png
http://i.imgur.com/SCDrcBU.png
ideally this should be the only client-side cookie necessary (that containing the php session id):
http://i.imgur.com/z0f4xpO.png
i was unable to identify the hash algorithm used to generate the value stored in user_password but it is 40 characters long which leads me to believe it's not a fixed compression. unless the function is an original - as opposed to a publicly-known algorithm or the use of two one-way cryptographic hash functions - i have no doubt that a malicious person would be able to, after pulling the data from a compromised client-side filesystem, use typical brute-force methods to reverse-encrypt-and-match the password.
if done on a large scale, through the use of something like a freely-downloaded "bot for magicaldice.com" piece of sh't or whatever, or through the use of range-control virus/worm infection (targets selected through the likeliness that they are members of magicaldice) then of course this means the unethical a-hole engineer behind the attack would be able to log in as and empty the wallets of any user either a) simple enough to run microsoft windows as an operating system b) stupid enough to run a binary file on their personal computer without access to the source.
while i can't imagine the necessity for either of these cookies, if there is for them in fact a use, then i would recommend renaming both of them to less-obvious targets for a thief, and using a one-way encryption on the value of user_name as well (it is currently simply the unmodified username).
- Lyco / user "harlequence" on magicaldice
- Joshua Ryan Nydel - nydel at ma dot sdf dot org for mail
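The check below is an added example, not part of the original report or of the site's code: it audits a response's Set-Cookie headers against the report's recommendation that PHPSESSID be the only client-side cookie. The sample headers and values are constructed, and the digest-length heuristic assumes the cookie value is hex-encoded.

```python
import re
from http.cookies import SimpleCookie

SESSION_COOKIE = "PHPSESSID"       # the only cookie the report says should be needed
DIGEST_HEX_LENGTHS = {32, 40, 64}  # hex lengths of 128/160/256-bit digests (heuristic)
CREDENTIAL_NAME = re.compile(r"user|login|pass|pwd", re.IGNORECASE)
HEX = re.compile(r"[0-9a-fA-F]+")


def audit_set_cookie(headers):
    """Return (cookie_name, finding) tuples for a list of Set-Cookie header values."""
    findings = []
    for header in headers:
        jar = SimpleCookie()
        jar.load(header)
        for name, morsel in jar.items():
            if name == SESSION_COOKIE:
                continue  # session id is expected; identity should live server-side
            value = morsel.value
            if HEX.fullmatch(value) and len(value) in DIGEST_HEX_LENGTHS:
                # A password-derived digest on disk can be guessed offline.
                findings.append((name, "digest-shaped value stored client-side"))
            elif CREDENTIAL_NAME.search(name):
                findings.append((name, "identity data stored client-side"))
            else:
                findings.append((name, "cookie beyond the session id"))
    return findings


# Constructed sample: the three cookies named in the report, with made-up values.
SAMPLE_HEADERS = [
    "PHPSESSID=k3v0q1t7m2c9; path=/",
    "user_name=harlequence; path=/",
    "user_password=0123456789abcdef0123456789abcdef01234567; path=/",
]

# Constructed sample: the layout the report recommends.
SESSION_ONLY_HEADERS = ["PHPSESSID=k3v0q1t7m2c9; path=/"]

if __name__ == "__main__":
    for name, finding in audit_set_cookie(SAMPLE_HEADERS):
        print(f"{name}: {finding}")
```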