In Part One we discovered an object that lets us execute arbitrary commands via unsafe handling of user input - the Alley room. Now we want to understand the blast radius of this issue. The first question to ask is, "What does the Alley control?"
Alley(#9485RISVB)
Type: Room Flags: TRUST STICKY VISUAL BATHROOM
Owner: 8BitMUSH Zone: NOTHING Coins: 0
Created: Sat Apr 28 13:14:31 2001
The help entry for "help control" tells us that if the Alley has the TRUST flag, it controls anything with the same owner that isn't set WIZARD. As it turns out, the 8BitMUSH user owns a great deal of things throughout 8Bit.