alpha_auth_check
itself is a fairly simple function. It does a fewstrstr
’s andstrcmp
’s against some pointers in thehttp_request_t
structure, then callscheck_login
, which actually does the authentication check. It is the finalstrcmp
however, which proves to be the most compelling: This is performing astrcmp
between the string pointer at offset0xD0
inside thehttp_request_t
structure and the string “xmlset_roodkcableoj28840ybtide
”; if the strings match, thecheck_login
function call is skipped andalpha_auth_check
returns1
(authentication OK).
“xmlset_roodkcableoj28840ybtide
” is “edit by 04882 joel backdoor” spelled backwards. Some guy, that Joel. 🙂