space.txt
space/
  112-234/
    profile.txt  <- structured file, e.g.
      Name
      Password
      Description
      ...
1. Move to any given pair of coordinates (x,y) -> ./space/112-234/
2. Teleport to any free space coordinates + create planet + capture
3. Any free planet could be captured:
   - Give Name, Description, Password
   - Description is a secret and could be viewed only after correct password auth
4. User can list all his planets (./users/name/planets.txt)
* Ensure that nobody could capture all the planets
-> Unlimited space?
(!) Possible vulnerabilities
1) Find a planet (?) -> rewrite public field to break file structure and rewrite password -> get secrets
2) "File path modification on register": find a user (??) -> register with a file path as the name (shit/../old) -> overwrite password
Users:
  ./users/name/password.txt

register
  vasya/../petya
  password
-> listing
  petya
  alice

/* the name "vasya/../petya" goes into the path unchecked */
FILE *f = fopen("./users/vasya/../petya/password.txt", "w");
if (f != NULL) {
    fputs(password, f);
    fclose(f);
}
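
Input checks that close both possible vulnerabilities listed above, as an added example that is not part of the original notes. The function names, the 32-character limit, the allowed character set and the one-field-per-line layout of profile.txt are assumptions.

```c
#include <ctype.h>
#include <stdio.h>
#include <string.h>

/* Allow-list check for a user name that becomes a directory under ./users/.
 * Only [A-Za-z0-9_-], 1..32 chars: no '/', no '.', so "vasya/../petya" fails. */
int valid_name(const char *name)
{
    size_t n = strlen(name);
    if (n == 0 || n > 32)
        return 0;
    for (size_t i = 0; i < n; i++) {
        unsigned char c = (unsigned char)name[i];
        if (!isalnum(c) && c != '_' && c != '-')
            return 0;
    }
    return 1;
}

/* Assumed layout: each profile.txt field occupies exactly one line, so a
 * value with a line break could shift the Password line. Reject control chars. */
int valid_field(const char *value)
{
    for (const unsigned char *p = (const unsigned char *)value; *p; p++)
        if (*p < 0x20 || *p == 0x7f)
            return 0;
    return 1;
}

/* Builds ./users/<name>/password.txt into out only for a valid name.
 * Returns 0 on success, -1 if the name is rejected or does not fit. */
int password_path(const char *name, char *out, size_t outlen)
{
    if (!valid_name(name))
        return -1;
    int n = snprintf(out, outlen, "./users/%s/password.txt", name);
    return (n < 0 || (size_t)n >= outlen) ? -1 : 0;
}

int main(void)
{
    char path[128];
    printf("%d\n", password_path("vasya/../petya", path, sizeof path)); /* rejected */
    printf("%d\n", password_path("petya", path, sizeof path));          /* accepted */
    printf("%d\n", valid_field("desc\nPassword"));                      /* rejected */
    return 0;
}
```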