DOWNLOAD Smarters Web Player 2.0 Exploit & Patch

AndyHax

Here is a short summary of the latest exploit in Smarters Web Player 2.0, which we released proof of late last year, plus details of how to patch it. We've not released any of the 90k+ accounts which were recovered (despite many, many people asking...) and won't be releasing these, as I have no interest in harming hard-working providers. Smarters seem to have made permission changes to their public instance, so it is no longer vulnerable. It seems Smarters have also released a further version which includes a salt to (I think) encrypt the stored user details better; however, it is still vulnerable to this injection attack without further mitigation.



This is the only exploit I was able to find in this web player, but I'm certainly not guaranteeing there are no others. The ajax-control.php on this version (which provided a couple of exploits on the old v1 player) seems to be sound.
 

arrepiadoww

Here is a short summary of the latest exploit in Smarters Web Player 2.0, which we released proof of late last year, plus details of how to patch it. We've not released any of the 90k+ accounts which were recovered (despite many, many people asking...) and won't be releasing these, as I have no interest in harming hard-working providers. Smarters seem to have made permission changes to their public instance, so it is no longer vulnerable. It seems Smarters have also released a further version which includes a salt to (I think) encrypt the stored user details better; however, it is still vulnerable to this injection attack without further mitigation.



This is the only exploit I was able to find in this web player, but I'm certainly not guaranteeing there are no others. The ajax-control.php on this version (which provided a couple of exploits on the old v1 player) seems to be sound.
 