[FIX][C++] SQL Injection in Messenger and Guild

12/23/2015 02:37 fcsk_aim#61
Whoever needs a fix for 40k but doesn't have the source, send me a PM.
12/23/2015 09:47 hectoremarius#62
Quote:
Originally Posted by  Aze  View Post
U using a 40k game and no source? How is that even possible?
Hello, Aze.
I don't have the source; I have server files that I found on the internet and downloaded.
I don't know how to use a source, and I need a diff for 40k or a fix.
Thanks
12/23/2015 22:11 aden144#63
Who needs a fix diff for 40K? PM Skype: don.ron62
He has :)
12/24/2015 02:22 naosou#64
Quote:
Originally Posted by  Aze  View Post
U using a 40k game and no source? How is that even possible?
what?
12/24/2015 05:15 Nadellia#65
Hi, I tried your fix, but with it quests can't load in game and players are disconnected.
12/25/2015 01:50 Yunus-54#66
When I add the code to CGuildManager::CreateGuild which fixes the SQL injection, players can create 2 guilds with the same name. Is there any fix for it?
12/26/2015 02:50 .Aphrodite#67
Quote:
Originally Posted by °~Dennis~° View Post
I have a problem with the CreateGuild function.
When the user creates a guild and uses a name that already exists, it creates the guild and the user is the admin of the old, already existing guild.

This is the function:
PHP Code:
DWORD CGuildManager::CreateGuild(TGuildCreateParameter& gcp)
{
	if (!gcp.master)
		return 0;

	if (!check_name(gcp.name))
	{
		gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("187"));
		return 0;
	}
	static char __escape_name[GUILD_NAME_MAX_LEN + 1];
	DBManager::instance().EscapeString(__escape_name, sizeof(__escape_name), static_cast<const char *>(gcp.name), sizeof(gcp.name));

	std::auto_ptr<SQLMsg> pmsg(DBManager::instance().DirectQuery("SELECT COUNT(*) FROM guild%s WHERE name = '%s'",
				get_table_postfix(), __escape_name));

	if (pmsg->Get()->uiNumRows > 0)
	{
		MYSQL_ROW row = mysql_fetch_row(pmsg->Get()->pSQLResult);

		if (!(row[0] && row[0][0] == '0'))
		{
			gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("188"));
			return 0;
		}
	}
	else
	{
		gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("189"));
		return 0;
	}

	CGuild * pg = M2_NEW CGuild(gcp);
	m_mapGuild.insert(std::make_pair(pg->GetID(), pg));
	return pg->GetID();
}

Does anyone have a solution, maybe?
I have the same error; does anyone have a solution?
12/26/2015 13:30 DasSchwarzeT#68
Same here.. I'll probably fix it right away and then update here
12/26/2015 13:49 Ken™#69
You don't have to implement the second fix in your source files because there is no potential SQL Injection for MakeGuild. The system is already checking the alpha characters 1 or 2 time(s).

The first one
Code:
	if (strlen(cp.name) == 0 || !check_name(cp.name))
	{
		ch->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("적합하지 않은 길드 이름 입니다."));
		return;
	}
The second one
Code:
	if (!check_name(gcp.name))
	{
		gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길드> 길드 이름이 적합하지 않습니다."));
		return 0;
	}

Kind Regards ~ Ken
12/26/2015 14:46 DasSchwarzeT#70
Quote:
Originally Posted by Ken™ View Post
You don't have to implement the second fix in your source files because there is no potential SQL Injection for MakeGuild. The system is already checking the alpha characters 1 or 2 time(s).

The first one
Code:
	if (strlen(cp.name) == 0 || !check_name(cp.name))
	{
		ch->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("적합하지 않은 길드 이름 입니다."));
		return;
	}
The second one
Code:
	if (!check_name(gcp.name))
	{
		gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길드> 길드 이름이 적합하지 않습니다."));
		return 0;
	}

Kind Regards ~ Ken
That's it..

Anyone who has the following bug and can create guilds with the same name:

Quote:
Originally Posted by DasSchwarzeT View Post
Same here.. I'll probably fix it right away and then update here
just take out the 2nd fix from the first post here; it is not necessary.
12/26/2015 17:04 selim995#71
Use the original code guild_manager.cpp

Code:
DWORD CGuildManager::CreateGuild(TGuildCreateParameter& gcp)
{
	if (!gcp.master)
		return 0;

	if (!check_name(gcp.name))
	{
		gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길드> 길드 이름이 적합하지 않습니다."));
		return 0;
	}

	std::auto_ptr<SQLMsg> pmsg(DBManager::instance().DirectQuery("SELECT COUNT(*) FROM guild%s WHERE name = '%s'",
				get_table_postfix(), gcp.name));

	if (pmsg->Get()->uiNumRows > 0)
	{
		MYSQL_ROW row = mysql_fetch_row(pmsg->Get()->pSQLResult);

		if (!(row[0] && row[0][0] == '0'))
		{
			gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길드> 이미 같은 이름의 길드가 있습니다."));
			return 0;
		}
	}
	else
	{
		gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길드> 길드를 생성할 수 없습니다."));
		return 0;
	}

	// new CGuild(gcp) queries guild tables and tell dbcache to notice other game servers.
	// other game server calls CGuildManager::LoadGuild to load guild.
	CGuild * pg = M2_NEW CGuild(gcp);
	m_mapGuild.insert(std::make_pair(pg->GetID(), pg));
	return pg->GetID();
}
12/27/2015 16:35 metin2ky#72
HOW CAN I FIX IT IF I HAVE VANILLA CORE 55K GAME???????
12/28/2015 21:43 lukasplny#73
Does anybody have dif for 40250? Please
12/29/2015 11:26 bluedrago#74
I need help, this can duplicate the name of a guild
Quote:
DWORD CGuildManager::CreateGuild(TGuildCreateParameter& gcp)
{
	if (!gcp.master)
		return 0;

	if (!check_name(gcp.name))
	{
		gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길드> 길드 이름이 적합하지 않습니다."));
		return 0;
	}
	static char __escape_name[GUILD_NAME_MAX_LEN * 2 + 1];
	DBManager::instance().EscapeString(__escape_name, sizeof(__escape_name), static_cast<const char *>(gcp.name), sizeof(gcp.name));

	std::auto_ptr<SQLMsg> pmsg(DBManager::instance().DirectQuery("SELECT COUNT(*) FROM guild%s WHERE name = '%s'",
				get_table_postfix(), __escape_name));

	if (pmsg->Get()->uiNumRows > 0)
	{
		MYSQL_ROW row = mysql_fetch_row(pmsg->Get()->pSQLResult);

		if (!(row[0] && row[0][0] == '0'))
		{
			gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("188"));
			return 0;
		}
	}
	else
	{
		gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("189"));
		return 0;
	}

	CGuild * pg = M2_NEW CGuild(gcp);
	m_mapGuild.insert(std::make_pair(pg->GetID(), pg));
	return pg->GetID();
}
Quote:
Originally Posted by selim995 View Post
Use the original code guild_manager.cpp

Code:
DWORD CGuildManager::CreateGuild(TGuildCreateParameter& gcp)
{
	if (!gcp.master)
		return 0;

	if (!check_name(gcp.name))
	{
		gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길드> 길드 이름이 적합하지 않습니다."));
		return 0;
	}

	std::auto_ptr<SQLMsg> pmsg(DBManager::instance().DirectQuery("SELECT COUNT(*) FROM guild%s WHERE name = '%s'",
				get_table_postfix(), gcp.name));

	if (pmsg->Get()->uiNumRows > 0)
	{
		MYSQL_ROW row = mysql_fetch_row(pmsg->Get()->pSQLResult);

		if (!(row[0] && row[0][0] == '0'))
		{
			gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길드> 이미 같은 이름의 길드가 있습니다."));
			return 0;
		}
	}
	else
	{
		gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길드> 길드를 생성할 수 없습니다."));
		return 0;
	}

	// new CGuild(gcp) queries guild tables and tell dbcache to notice other game servers.
	// other game server calls CGuildManager::LoadGuild to load guild.
	CGuild * pg = M2_NEW CGuild(gcp);
	m_mapGuild.insert(std::make_pair(pg->GetID(), pg));
	return pg->GetID();
}
Is this code protected?
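Added example (not code from any poster in this thread): a self-contained sketch of why escaping with `sizeof(gcp.name)` as the source length can make the duplicate-name SELECT miss an existing guild. It assumes that `DBManager::instance().EscapeString` forwards that length to an escaper that, like `mysql_real_escape_string`, processes exactly that many bytes and escapes NUL; `escape_bytes`, `literal_value`, `compared_name` and `kNameMax` are hypothetical names, and the value 12 is constructed.

```cpp
#include <cstring>
#include <string>

// Constructed stand-in for the fixed-size name field; 12 is an assumed value.
const std::size_t kNameMax = 12;

// Escapes exactly `len` bytes, the way mysql_real_escape_string() is documented to:
// \ ' " NUL \n \r and Ctrl-Z get a backslash form. NUL is not a terminator here.
std::string escape_bytes(const char* src, std::size_t len) {
    std::string out;
    for (std::size_t i = 0; i < len; ++i) {
        switch (src[i]) {
            case '\0':   out += "\\0"; break;
            case '\n':   out += "\\n"; break;
            case '\r':   out += "\\r"; break;
            case '\x1a': out += "\\Z"; break;
            case '\\': case '\'': case '"':
                out += '\\'; out += src[i]; break;
            default:     out += src[i];
        }
    }
    return out;
}

// Decodes an escaped literal back into the value the server compares against.
std::string literal_value(const std::string& lit) {
    std::string out;
    for (std::size_t i = 0; i < lit.size(); ++i) {
        if (lit[i] != '\\' || i + 1 == lit.size()) { out += lit[i]; continue; }
        char c = lit[++i];
        out += c == '0' ? '\0' : c == 'n' ? '\n' : c == 'r' ? '\r'
             : c == 'Z' ? '\x1a' : c;
    }
    return out;
}

// Value the duplicate-name SELECT ends up comparing, for a given source length.
std::string compared_name(const char* buf, std::size_t len) {
    return literal_value(escape_bytes(buf, len));
}

int main() {
    char name[kNameMax + 1] = "Foo";  // zero-padded, like a fixed char field
    bool padded = compared_name(name, sizeof(name)) == "Foo";       // false: 13 bytes
    bool exact  = compared_name(name, std::strlen(name)) == "Foo";  // true
    return (!padded && exact) ? 0 : 1;
}
```

If that assumption holds for a given source tree, passing `strlen(gcp.name)` as the source length keeps the escaping while comparing the same value that is stored.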
03/08/2016 17:07 IzeBreakzz#75
Could someone please make a diff for 33820? I need it urgently.

Best regards

IzeBreakzz