VYPR
High severity 7.1 · NVD Advisory · Published Mar 6, 2026 · Updated Apr 15, 2026

CVE-2018-25165

Description

Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability that allows authenticated attackers to execute arbitrary SQL queries by injecting malicious code through the 'type' parameter. Attackers can send POST requests to ads.php with crafted SQL payloads in the type parameter to extract sensitive database information including usernames, databases, and version details.

AI Insight

LLM-synthesized narrative grounded in this CVE's description and references.

Galaxy Forces MMORPG 0.5.8 contains an SQL injection vulnerability in the 'type' parameter of ads.php, allowing authenticated attackers to extract database information.

Vulnerability Details

The Galaxy Forces MMORPG version 0.5.8 suffers from an SQL injection vulnerability in the ads.php script. The type parameter is not properly sanitized before being used in SQL queries, enabling attackers to inject arbitrary SQL commands. This is demonstrated in a public exploit [1] that uses a crafted POST request with URL-encoded SQL payloads.

Exploitation

An attacker must be authenticated to the application. The exploit sends a POST request to ads.php with parameters including action=add and a malicious type value. The PoC [1] shows the injection of a subquery that extracts database metadata such as the current user, database name, and server version. The attack is performed over HTTP and does not require any special network access beyond being able to reach the web server.

Impact

Successful exploitation allows an authenticated attacker to extract sensitive information from the database, including usernames, database names, and version details [1]. This information can be used to further compromise the application or underlying system. The CVSS score of 7.1 (High) reflects the potential for significant data exposure.

Mitigation

As of the publication date, no official patch has been released for this vulnerability. Users of Galaxy Forces MMORPG 0.5.8 are advised to apply input validation and parameterized queries to prevent SQL injection. If a newer version is available, upgrading is recommended. The vendor homepage is http://galaxy.alyx.pl/ [1].
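
One way to apply the input validation and parameterized query advised above, as an added example that is not Galaxy Forces code. The `ads` table, its columns, the `add_ad()` helper and the allowed type values are all hypothetical, and the demo assumes PHP 8.0+ with the pdo_sqlite extension so it can run against an in-memory database.

```php
<?php
declare(strict_types=1);

// Hypothetical allow-list: the ad types the form is expected to submit.
const ALLOWED_AD_TYPES = ['buy', 'sell', 'trade'];

/**
 * Validate the POSTed `type` and store the ad with a prepared statement.
 * Returns the new row id, or null when the value is rejected.
 */
function add_ad(PDO $db, int $userId, mixed $type, string $text): ?int
{
    // Reject arrays (type[]=...) and anything outside the allow-list
    // before the value gets near the database layer.
    if (!is_string($type) || !in_array($type, ALLOWED_AD_TYPES, true)) {
        return null;
    }
    // Placeholders keep the value out of the SQL text entirely, so it
    // is bound as data even if the allow-list is later loosened.
    $stmt = $db->prepare(
        'INSERT INTO ads (user_id, type, body) VALUES (:uid, :type, :body)'
    );
    $stmt->execute([':uid' => $userId, ':type' => $type, ':body' => $text]);
    return (int) $db->lastInsertId();
}

// Stand-alone demo on an in-memory SQLite database (constructed schema).
$db = new PDO('sqlite::memory:');
$db->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$db->exec('CREATE TABLE ads (id INTEGER PRIMARY KEY, user_id INTEGER, type TEXT, body TEXT)');

// Constructed inputs: an expected value, an array, and a string with a quote.
$samples = ['sell', ['sell'], "sell' -- constructed"];
foreach ($samples as $sample) {
    $id = add_ad($db, 1, $sample, 'constructed ad text');
    printf("%-26s => %s\n", json_encode($sample), $id === null ? 'rejected' : "stored as id $id");
}
```

In a real handler the user id would come from the authenticated session rather than from the request, and a rejected `type` is worth logging, since the form itself should never submit one.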

AI Insight generated on May 18, 2026. Synthesized from this CVE's description and the cited reference URLs; citations are validated against the source bundle.

Affected products

1

Patches

0

No patches discovered yet.

References

2
