Card-Jitsu Backdoors
What is this all about?
A while ago, CPG(Club Penguin Generations) got breached by PP(Pigeon Patrol) and various files were leaked. This includes:
- A customized Kitsune
- A customized Sweater
- A BCRYPT Database (Current)
- An MD5 Database (Old)
What is the main story about this?
In this modified Kitsune, all there was to it was 1 very interesting feature, which was CJ(Card-Jitsu.) We all know that CJ is extremely hard to create. The person JAD created CJ For CPG in return for $. A while ago, Jad told me that there were multiple backdoors in this customized Kitsune. The exact lines were never recalled, but 1 filename was, which was Multiplayer.php.
What are the exploits?
The so called exploits have a level of P3(P3 is a the professional term of what level the vulnerability gets.) The attacker can login with PCL(A script to remotely "play" Club Penguin.) and send specific packets to crash CJ. In this repository, you will find all files that were changed in the customized Kitsune (The latest Kitsune for re-checking was used.) You can spot a change when it is commented as followed:
//************************* // Code here //*************************
Or:
// Code here // Some more code