Well if we consider this to be real, there are three? possible attack vectors:
1) SQL Injection
Well, we all know storing passwords in plain text is a bad idea. The company should just fix that.
When I looked I could not find any space in the game large enough to do any sort of meaningful injection. Although it was possible as the server did not strip the input.
For example you can crash the login server by logging in on all accounts at once. But that restarts in about 10 minutes.
Servers can configure acceptable characters for login name or password. Which allows them to not have spaces or " or ' rendering the exploit useless? Such as hun games did possibly without even knowing.
If it is SQL injection, do something more grand. Set yourself to have a GM account/GM powers and spawn monsters in town and create items. MSSQL database it seems, btw.
Now I only checked login, guild name/message and character name. If chat or whispers are logged into sql then that might be enough characters to find something? I did not try but I would assume they are not logged.
Now maybe constructing something in a temp table/var and then executing it could work. Or dumping to an XML file and finding it on the webserver or FTP? But that's still a lot to write in and the fields simply aren't big enough, so it would require some server-side trickery I think.
2) GM Command/packet
GM Command or packet that we don't know about which causes the server to send this list.
Then the game creators are really stupid for not protecting it with basic gm check flags.
Let alone having passwords in plain text and sending such info across the wire. There are quite a few packets I still don't understand from TS2 so it could be a possibility....
3) Sending a broadcasted packet to execute RPC, Shell Code or something.
That gets sent to everyone through the server and executes some code on their client to get them to send their login details *stored in client after all* back to you.
If it's the third one, simply removing the details after login and putting them in whilst changing maps should fix the problem. Or a better fix: find the exploitable packet and patch that.
If it can execute code on your client then you have much more to worry about than your login being stolen. For example they could download viruses onto your computer. Or keylog you and send back the data through whisper or something without you seeing it.
Of course it would be even more hilarious if they simply had a log file of last logged in accounts on their web server or FTP.
-Xtrap.xt will be stopped.
I am actually curious how this is done
Let's see some more delicious proof of concept stuff. Could you do more HD videos and not rush things? I'm sure that will get you much more views on your YouTube account too, since you seem interested in that.

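An added example, not part of the original post and not the game's code: a server-side sketch of the fixes point 1 touches on, with an allowlist for login names, bound query parameters, and salted password hashes instead of plain text. Python's `sqlite3` stands in for the MSSQL database the post mentions; the table, function names and character policy are assumptions.

```python
import hashlib
import hmac
import os
import re
import sqlite3

# Assumed policy: the "acceptable characters" setting, expressed as an allowlist.
LOGIN_RE = re.compile(r"[A-Za-z0-9_]{3,16}")

def hash_password(password, salt):
    # Salted, slow hash: a dumped accounts table no longer yields usable passwords.
    return hashlib.pbkdf2_hmac("sha256", password.encode(), salt, 100_000)

def open_db():
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE accounts "
               "(login TEXT PRIMARY KEY, salt BLOB, pw_hash BLOB)")
    return db

def register(db, login, password):
    if not LOGIN_RE.fullmatch(login):
        return False  # rejected by the allowlist before any SQL runs
    salt = os.urandom(16)
    try:
        # Values are bound with ? placeholders, never concatenated into the SQL.
        db.execute("INSERT INTO accounts VALUES (?, ?, ?)",
                   (login, salt, hash_password(password, salt)))
    except sqlite3.IntegrityError:
        return False  # login already taken
    return True

def check_login(db, login, password):
    if not LOGIN_RE.fullmatch(login):
        return False
    row = db.execute("SELECT salt, pw_hash FROM accounts WHERE login = ?",
                     (login,)).fetchone()
    if row is None:
        return False
    salt, stored = row
    # Constant-time comparison of the stored and recomputed hashes.
    return hmac.compare_digest(stored, hash_password(password, salt))

if __name__ == "__main__":
    db = open_db()
    # Constructed sample input: quotes in the password are harmless here,
    # because the password is hashed and passed as a bound parameter.
    print(register(db, "player_one", "pa'ss \"word\""))
    print(check_login(db, "player_one", "pa'ss \"word\""))
    print(register(db, "bad name'", "x"))
```

The allowlist alone only narrows what reaches the query; the bound parameters are what keep quote characters from changing the SQL, which is why the password field needs no character restrictions.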