Mig33 Server Bug (Invisible Entry in chatrooms)

by h4v0c- on Fri 4 Jul 2008 - 7:08

This is one of the problems in mig33 server
Its an incorrect validation problem in mig33 server software
Its mostly known as invisible entry
I am sharing this because it dosent harms anyone in anyway and it is being fixed within next 2,3 days
Till then you can test it yourself
Detail:
When we send login packet to mig33 server, server sends two alphanumeric keys.
First key is used as a session id for opening links like profile, scrapbook, etc
Second one is for making hash with password
Then our mig33 client application joins second key with the password provided by us and after passing it through a hash making algorithm, it sends a four bytes long hash to mig33 server
Mig33 server then creates the same hash on the server with the user's password stored in database and matches it with the hash sent by our client mig33 application
If both the hashes are matched, server checks whether the username is active or inactive
If the username is active, it is logged in and the server then sends login success packet to the mig33 client in order to notify it about the successful login
Otherwise it sends the "Account not active" message
After successful login, if we send the hash again to the mig33 server, the server returns an error message "Session already exists"
Then we send the login packet again, mig33 server will again send keys
(Bug: When the login packet is sent to the server with the same connection, the server resets users details and remains logged in - I am not sure about this!)
Now if someone sends a private message to your id, it will say "User not online" (i wanted this bug as a feature in mig33 - Auto Block)
And if you enter a chatroom, your entry will not be appeared but when you leave the room it will show other users that you have left the chatroom
Fix:
mig33 coders have to make some change in login packet and the join chatroom packet
POC:
You cant do all this using mobile phone, java emulators or the website,
To do that, you need WPE (Winsock Packet Editor)
This program edits the packets sent to the server and resends them
To use this tool, you need some information about packets
Or you can also accomplish this by making a client mig33 application as i did
Here is a link to an mig33 client application (written in vb) made by me
download http://rescue.gov.pk/presentation/dl.php?f=1&n=mig_bug.zip
it does all the above with only 2,3 clicks
You must have the following files in your system:
1- msvbvm60.dll (download from www.dll-files.com)
2- mswinsck.ocx (download from www.dll-files.com)
3- hashgen.dll (included)

Good Luck!