|
You last visited: Today at 19:33
Advertisement
Security Issues in most public Private Servers
Discussion on Security Issues in most public Private Servers within the DarkOrbit forum part of the Browsergames category.
12/11/2013, 23:44
|
#16
|
elite*gold: 237 
Join Date: Sep 2010
Posts: 1,152
Received Thanks: 4,910
|
Quote:
Originally Posted by cryz35
Nice thread, are you going to add aurora-azure security holes? Just wonder.
I know some not important ones, may you see  when you have free time? |
If you want I can give you some information to help you protect it. There is still some exploits in your login form.
-jD
|
|
|
|
12/11/2013, 23:55
|
#17
|
elite*gold: 0
Join Date: Feb 2009
Posts: 1,718
Received Thanks: 2,382
|
Quote:
Originally Posted by linkpad
Your website is vulnerable, I can dump every database.
I can even access account by decrypting md5 hash...
|
lol website part simply sucks, I didn't pay much attention  Can you tell me the files?
Quote:
Originally Posted by »jD«
If you want I can give you some information to help you protect it. There is still some exploits in your login form.
-jD
|
I'll be glad to know the problems, thank you..
|
|
|
|
|
12/12/2013, 00:45
|
#18
|
elite*gold: 237
Join Date: Sep 2010
Posts: 1,152
Received Thanks: 4,910
|
Quote:
Originally Posted by linkpad
Have you find any exploits on ? Just for let me know |
I'm currently running an Audit. First things first, you have a bunch of open ports running some exploitable version of software. Just lettin you know.
Also, there seems to be some time-based stuff in the signup form.
-jD
|
|
|
|
|
12/12/2013, 13:53
|
#19
|
elite*gold: 260
Join Date: Jul 2012
Posts: 299
Received Thanks: 812
|
Are you sure I have a bunch of open ports ? I did a nmap, and there's only 8 ports opens.
Also I don't really understand what you mean by "time-based" stuff in the signup form could you explain a little ?
|
|
|
|
|
12/12/2013, 20:36
|
#20
|
elite*gold: 278
Join Date: Dec 2010
Posts: 1,125
Received Thanks: 1,083
|
Thanks for the report I really didn't notice it
|
|
|
|
|
12/12/2013, 21:41
|
#21
|
elite*gold: 1
Join Date: Aug 2010
Posts: 1,330
Received Thanks: 1,724
|
What is SQL Injection?
SQL Injection is a web based attack used by hackers to steal sensitive information from organizations through web applications. It is one of the most common application layer attacks used today. This attack takes advantage of improper coding of web applications, which allows hackers to exploit the vulnerability by injecting SQL commands into the prior web application.
The underlying fact that allows for SQL Injection is that the fields available for user input in the web application allow SQL statements to pass through and interact with or query the database directly.
For example, let us consider a web application that implements a form-based login mechanism to store the user credentials and performs a simple SQL query to validate each login attempt. Here is a typical example:
select * from users where username=’admin’ and password=’admin123′;
If the attacker knows the username of the application administrator is admin, he can login as admin without supplying any password.
admin’–
The query in the back-end looks like:
Select * from users where username=’admin’–’ and password=’***’;
Note the comment sequence (–) causes the followed query to be ignored, so query executed is equivalent to:
Select * from users where username=’admin’;
So password check is bypassed.
For more:
|
|
|
|
|
01/21/2014, 17:47
|
#22
|
elite*gold: 3570
Join Date: Dec 2012
Posts: 13,044
Received Thanks: 8,252
|
I thought about adding to my sticky thread just in case somebody isn't as good as some coders here to know this.
btw:
Could you check my page again?
|
|
|
|
|
02/11/2014, 10:22
|
#23
|
elite*gold: 237
Join Date: Sep 2010
Posts: 1,152
Received Thanks: 4,910
|
Just a heads up, still a bunch of exploits out there 
-jD
|
|
|
|
|
12/17/2014, 15:18
|
#24
|
elite*gold: 0
Join Date: May 2014
Posts: 21
Received Thanks: 0
|
Good job
|
|
|
|
|
12/17/2014, 21:30
|
#25
|
elite*gold: 0
Join Date: Dec 2012
Posts: 233
Received Thanks: 33
|
all those private servers out there are useless,
if you want to make a real safe, good and stable, you can do it alone but you need tobe a master designer, coder, and a genius :P, if you work in a team with talented people, like a designer, a coder, a cybersecurity expert etc.. then you can create a game just like do and release it, without being scared for bigpoint, blackgalaxy is kind of a simple version, of what i mean but it was hard to make,
so dont try to make a private server, if you dont know coding, hackers can get it down by studying the code and figuring out the weak spots. it''s pretty simple for a real talented coder.
and jd, what happened to ur private server ?
|
|
|
|
|
12/19/2014, 01:05
|
#26
|
elite*gold: 237
Join Date: Sep 2010
Posts: 1,152
Received Thanks: 4,910
|
My Private Server is making a comeback. I'm working on getting everything back online now!
*cough* *cough*
-jD
|
|
|
|
|
12/19/2014, 01:20
|
#27
|
elite*gold: 0
Join Date: May 2014
Posts: 663
Received Thanks: 1,154
|
lol -jD is alive!
|
|
|
|
|
12/19/2014, 01:42
|
#28
|
elite*gold: 0
Join Date: Dec 2012
Posts: 233
Received Thanks: 33
|
server looks nice!
can't wait for it to come out
|
|
|
|
|
12/19/2014, 03:04
|
#29
|
elite*gold: 7
Join Date: Dec 2008
Posts: 727
Received Thanks: 119
|
Well, new looks really nice! Waiting for server to come online
If you need help in any ways feel free to PM me (translations, testing etc.).
Maybe you still remember me -Jd :P
Regards,
Nommo.
|
|
|
|
|
12/19/2014, 10:53
|
#30
|
elite*gold: 1
Join Date: Jun 2011
Posts: 1,464
Received Thanks: 1,065
|
Quote:
Originally Posted by »jD«
My Private Server is making a comeback. I'm working on getting everything back online now!
*cough* *cough*
-jD |
I could spend some moduls to solve some comings soons.
|
|
|
|
 |
|
Similar Threads
|
Collection Issues on Servers?
08/26/2012 - DarkOrbit - 9 Replies
Hello ive recently checked my GA2 acc and ive made within 12 hours 12k uri and 24 gg spins have DO reduced drops or somethink on X2 MAPS? As normally i would make in 12 hours 50-60k uri and 200-300 spins
|
Public connection issues(Am I this nooby)
02/13/2012 - Shaiya Private Server - 2 Replies
Ok I need a little help......
I have made my Server public for my team to test. Now I can connect using my public IP, however my team cannot they get "cannot connect to game server" after selecting server.
I have opened Game(30800), Login(30810) ports(and port 80 jus to be sure)-checked all open
I had to do loopback for me to be able to log(Fixed myself)- can log myself
Checked Linked server test connection is good- all passed
Double checked they have the right .exe.- they must to be...
|
Issues with getting my pserver public.
08/19/2011 - Shaiya Private Server - 2 Replies
Hey Guys,
I used Omega's tutorial on creating a private server. All of it works perfectly, but I want to edit it so my spouse can access it too (same internet connection, different computer). This isn't going to be a public server, just one for my spouse and I to test with.
I tried Hamachi, but epically failed. I read a post on port forwarding, but it was not detailed enough for me to understand. *Sorry, I'm a bit of a noob*
Here is my ps_game.ini file text:
ServerName=Game01
|
All times are GMT +1. The time now is 19:34.
|
|
