[Release] Fix SQL Injection in GM commands

05/27/2020 14:57 Eric-Dutra16#1
This exploit has become better known now, so I decided to release my fix. The fix works for all commands (warning, notice, gmnotice...) and doesn't disable the action log. Works only for ep5.4 ps_game.
05/27/2020 17:20 [GM]Crypton#2
Great release, a version has already been published, I don't know about the effectiveness of CT with Cups and Bowie scripts, and a larger version with several injections, I'll leave it here, if you want to test an alternative solution or even analyze for failures, why too many files, not reliable.


Credits Cups and Bowie, has been released for free, distribution and free, be very careful.
06/16/2020 19:31 IlusionXtreme#3
Quote:
Originally Posted by Eric-Dutra16
This exploit has become better known now, so I decided to release my fix. The fix works for all commands (warning, notice, gmnotice...) and doesn't disable the action log. Works only for ep5.4 ps_game.
Quote:
Originally Posted by [GM]Crypton
Great release, a version has already been published, I don't know about the effectiveness of CT with Cups and Bowie scripts, and a larger version with several injections, I'll leave it here, if you want to test an alternative solution or even analyze for failures, why too many files, not reliable.


Credits Cups and Bowie, has been released for free, distribution and free, be very careful.

Does anyone know which version is more useful, the Erick-Dutra version is short and short the cups version, and a larger script with the possible correction for the commands, someone tested and can tell which one is more useful or more complete?

I appreciate if anyone knows any useful information.
06/17/2020 08:32 Eric-Dutra16#4
Quote:
Originally Posted by IlusionXtreme
Does anyone know which version is more useful, the Erick-Dutra version is short and short the cups version, and a larger script with the possible correction for the commands, someone tested and can tell which one is more useful or more complete?

I appreciate if anyone knows any useful information.
Both fixes work. My script replaces the quote character with a space in the function that creates the action log; the Cups and Bowie scripts disable calls to the function.
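The quote-replacement approach described in the post above, as an added example that is not part of the original post or of either released script. It assumes SQLite as a stand-in for the game database, a hypothetical `action_log` table and hypothetical function names, and it goes one step beyond the thread by adding bound parameters for comparison.

```python
import sqlite3

def new_db():
    # Hypothetical stand-in for the action log table; the real schema is not shown in the thread.
    conn = sqlite3.connect(":memory:")
    conn.execute("CREATE TABLE action_log (actor TEXT, text TEXT)")
    return conn

def log_concat(conn, actor, text):
    # Unfixed pattern: the command text is pasted inside a SQL string literal.
    conn.execute(f"INSERT INTO action_log (text, actor) VALUES ('{text}', '{actor}')")

def strip_quotes(text):
    # The fix described in post #4: replace the quote character with a space.
    return text.replace("'", " ")

def log_sanitized(conn, actor, text):
    # Same concatenated statement, but the text can no longer close the literal.
    log_concat(conn, actor, strip_quotes(text))

def log_param(conn, actor, text):
    # Bound parameters (added for comparison): the text is never parsed as SQL.
    conn.execute("INSERT INTO action_log (text, actor) VALUES (?, ?)", (text, actor))

def run(logger, text, actor="GM01"):
    # Log one entry into a fresh database and return the stored rows or the error type.
    conn = new_db()
    try:
        logger(conn, actor, text)
    except sqlite3.Error as exc:
        return f"error: {type(exc).__name__}"
    return conn.execute("SELECT actor, text FROM action_log").fetchall()

# Constructed sample notice texts, not taken from any real server.
PLAIN = "Server restart at 9 o'clock"      # an ordinary apostrophe
CRAFTED = "hi', 'someone-else') --"        # closes the literal early

if __name__ == "__main__":
    loggers = [("concat", log_concat), ("sanitized", log_sanitized), ("param", log_param)]
    for name, fn in loggers:
        print(f"{name:10} plain={run(fn, PLAIN)} crafted={run(fn, CRAFTED)}")
```

With the concatenated statement the ordinary apostrophe breaks the insert and the crafted text changes the logged actor; quote replacement keeps the statement intact but alters the stored text, while bound parameters store it unchanged.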
06/28/2020 02:44 Diego Jairo#5
Watch out for releases from people who say they prevent SQL injections. A few years ago an adm from a Brazilian server published a supposed fix for the problem and in fact this supposed fix was an even more serious flaw caused by this ADM. Be very careful!
06/28/2020 16:27 IlusionXtreme#6
Quote:
Originally Posted by Diego Jairo
Watch out for releases from people who say they prevent SQL injections. A few years ago an adm from a Brazilian server published a supposed fix for the problem and in fact this supposed fix was an even more serious flaw caused by this ADM. Be very careful!
This is a CT script, the code is open, you can check each of the functions and do tests, or you are too dumb to do this.
a ct correction is different from a modified ps_login where it has thousands of codes, dumb people just like you that spoils the community, THAT is a CT file your code is visible, for you check its effectiveness.
06/28/2020 21:43 Eric-Dutra16#7
Quote:
Originally Posted by Diego Jairo
Watch out for releases from people who say they prevent SQL injections. A few years ago an adm from a Brazilian server published a supposed fix for the problem and in fact this supposed fix was an even more serious flaw caused by this ADM. Be very careful!
Ok, this is my last release on this forum.
06/29/2020 01:25 Diego Jairo#8
Quote:
Originally Posted by IlusionXtreme
This is a CT script, the code is open, you can check each of the functions and do tests, or you are too dumb to do this.
a ct correction is different from a modified ps_login where it has thousands of codes, dumb people just like you that spoils the community, THAT is a CT file your code is visible, for you check its effectiveness.
Very good for you friend, I did not mention this release, I just took advantage of the subject to talk about an event that hurt many people, if you don't know how to interpret text, I have nothing to do with it, it's your problem.
06/29/2020 03:25 Eric-Dutra16#9
Quote:
Originally Posted by Diego Jairo
Very good for you friend, I did not mention this release, I just took advantage of the subject to talk about an event that hurt many people, if you don't know how to interpret text, I have nothing to do with it, it's your problem.
That's a lie, I'm probably the only Brazilian who posted releases on this forum and they are all open source. I checked your profile, your only release is useless, it was not made by you and it is not open source.
06/29/2020 16:19 IlusionXtreme#10
Diego Jairo and the well-known Vonstrucker, he uses a fake profile to publish things that are not his, he propagates files and stolen things, things he will never be able to do, never created anything and never did anything for the community.
I am waiting for you to publish your Shaiya Ernasis server in Brazil, which will have a limited duration
04/07/2021 14:06 superklamus#11
Is there any for ep4?
04/22/2021 13:43 [adm]Bowser#12
Quote:
Originally Posted by IlusionXtreme
Diego Jairo and the well-known Vonstrucker, he uses a fake profile to publish things that are not his, he propagates files and stolen things, things he will never be able to do, never created anything and never did anything for the community.
I am waiting for you to publish your Shaiya Ernasis server in Brazil, which will have a limited duration
That VonStrucker is a kid, he was selling me things that he stole.
09/16/2021 20:01 likevil#13
Quote:
Originally Posted by [GM]Crypton
Great release, a version has already been published, I don't know about the effectiveness of CT with Cups and Bowie scripts, and a larger version with several injections, I'll leave it here, if you want to test an alternative solution or even analyze for failures, why too many files, not reliable.


Credits Cups and Bowie, has been released for free, distribution and free, be very careful.
It's not working on ep4.5
09/16/2021 20:04 [GM] Purple#14
Thanks, good work.
09/18/2021 05:27 KingKush88#15
Quote:
Originally Posted by likevil
It's not working on ep4.5
Do people even read?
It clearly says it only works for 5.4 episode ps_game...