Research by: Alon Boxiner, Eran Vaknin and Oded Vanunu

Played in a virtual world, players of ‘Fortnite’, the massively popular game from game developer Epic Games, are tasked with testing their endurance as they battle for tools and weapons that will keep them secure and the ‘last man standing’. In the last few weeks, however, Check Point Research discovered multiple vulnerabilities in Epic Games’ online platform that could have allowed a threat actor to take over the account of any game player, view their personal account information, purchase V-bucks, Fortnite’s virtual in-game currency, and eavesdrop on and record players’ in-game chatter and background home conversations.

Created by Epic Games, an American video game developer, Fortnite is the game responsible for almost half of their $5bn-$8bn estimated value. With such a meteoric rise in fortune, it is no surprise then that the game had already attracted the attention of cyber criminals who set out to con unsuspecting players. These scams previously took the role of deceiving players into logging into fake websites that promised to generate Fortnite’s ‘V-Buck’ in-game currency, a commodity that can usually only be acquired through the official Fortnite store or by earning them in the game itself. These sites prompt players to enter their game login credentials, as well as personal information like name, address and credit card details, and are spread via social media campaigns that claim players can “earn easy cash” and “make quick money”.

Our team’s research, however, relied on a far more sophisticated and sinister method that did not require the user to hand over any login details whatsoever. By discovering a vulnerability found in some of Epic Games’ sub-domains, an XSS attack was possible with the user merely needing to click on a link sent to them by the attacker. Once clicked, with no need even for them to enter any login credentials, their Fortnite username and password could immediately be captured by the attacker.

Check Point Research informed Epic Games of this vulnerability and a fix was responsibly deployed, ensuring their millions of players can continue their gameplay in a secure environment.

Epic Games was found to have several old sub-domains, such as ‘ ’. It is at this location that our story begins.

The sub-domain, ‘ ’, led us to an interesting GET request with the following path: “/serverstats.php?server=”. What were to happen, we asked, if a ‘ sign were to be added to the request? Well, the response was: “Server database error”!

This was certainly a good breakthrough, as we realized this could well have the potential for an SQL Injection (at this stage, our assumption was that we were dealing with a MySQL database).

The research revealed that there was a WAF product, working with black lists rather than white lists, that we would first need to deal with. As a result, one of the limitations placed on us was the inability to query several system tables (such as “information_schema” tables).

But what if we could use the System Variables? Indeed, it seemed someone had forgotten about their existence, as it worked better than we could have ever wished for!

Following a search on Google, we then found that “37514065” is a valid server code. With this in mind we performed the following query to see what response we would get:

`If((SUBSTR(query,from,length)=CHAR()),true,false)`

The response: 4014 bytes, meaning that this character does not appear in the query.