[SECURITY!!] ManiaFlash Security bug

Discuss all the publishing tools, including ManiaHome, ManiaPub, ManiaFlash and ManiaPress in this forum

Moderator: NADEO

Post Reply
User avatar
Posts: 626
Joined: 15 Jun 2013, 10:57
Location: The Netherlands

[SECURITY!!] ManiaFlash Security bug

Post by toffe » 31 Dec 2014, 14:16

I found a security bug in ManiaFlash. :shock:

I can post on any maniaflash if i want (see edit, seems not all). I opened a maniaflash article on the maniahome screen. Then type in Maniaflash in the manialink browser and click on my channels. You can see the channels from the owner of the article you clicked on the ManiaHome screen.

Nadeo team, please pm me for the details about where it is possible. I wil reply the channel + messageid used.

EDIT: Only got it working by one specific maniaflash channel for some reason. The only thing I can see that there are adde some more parameters to the link in the browser. (code and manialib-sid sometimes also nonce).

Happy new year,
ManiaPlanet Toolkit: topic + download app.
ManiaCalendar: http://maniacalendar.com / manialink
ManiaCDN: topic
PyPlanet: Python Server Controller Image

User avatar
Posts: 1632
Joined: 01 Feb 2012, 19:13
Location: Paris

Re: [SECURITY!!] ManiaFlash Security bug

Post by magnetik » 05 Jan 2015, 08:46

It seems that you have been victim (or perpetrator :p) of a session hijacking : if a player shares his session ID in the url (when he has cookies turned off) and then share the URL, you can inherit his session.

There are a few thing that we can, and will, do. Thanks for the report :thumbsup:
ManiaPlanet technical documentation portal (Dedicated, ManiaLink, ManiaScript, Titles...) -- contribute!

Post Reply

Return to “Ingame Publishing”

Who is online

Users browsing this forum: No registered users and 2 guests