Register for your free account! | Forgot your password?

Go Back   elitepvpers > Popular Games > Metin2 > Metin2 Private Server > Metin2 PServer Guides & Strategies
[FIX][C++] SQL Injection in Messenger and Guild [FIX][C++] SQL Injection in Messenger and Guild
You last visited: Today at 04:28

  • Please register to post and access all features, it's quick, easy and FREE!

Advertisement


Advertise with us!

[FIX][C++] SQL Injection in Messenger and Guild

Discussion on [FIX][C++] SQL Injection in Messenger and Guild within the Metin2 PServer Guides & Strategies forum part of the Metin2 Private Server category.

Reply
Page 5 of 6 « First 34 5 6
 
Old 12/23/2015, 02:37   #61
 
fcsk_aim's Avatar
 
elite*gold: 100
The Black Market: 0/0/0
Join Date: Dec 2014
Posts: 93
Received Thanks: 51
Who need a fix for 40k but don't have source. Send me a pm.
fcsk_aim is offline  
Old 12/23/2015, 09:47   #62
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Jun 2011
Posts: 4
Received Thanks: 0
Quote:
Originally Posted by  Aze  View Post
U using a 40k game and no source? How is that even possible?
Hello, Aze.
I don't have source i have serverfiles on internet i find and i download that.
I don't know to using a source and i need diff 40k or fix.
Thanks
hectoremarius is offline  
Old 12/23/2015, 22:11   #63
 
elite*gold: 12
The Black Market: 2/0/0
Join Date: Sep 2010
Posts: 81
Received Thanks: 8
Who need a fix diff for 40K ? pm skype: don.ron62
He has
aden144 is offline  
Old 12/24/2015, 02:22   #64
 
naosou's Avatar
 
elite*gold: 0
The Black Market: 11/0/0
Join Date: May 2013
Posts: 396
Received Thanks: 92
Quote:
Originally Posted by  Aze  View Post
U using a 40k game and no source? How is that even possible?
what?
naosou is offline  
Old 12/24/2015, 05:15   #65
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Nov 2011
Posts: 32
Received Thanks: 7
Hi, I try your fix but with, quest can't load in game, and player are disconnect.
Nadellia is offline  
Old 12/25/2015, 01:50   #66
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Mar 2010
Posts: 49
Received Thanks: 18
When i add the code to CGuildManager::CreateGuild which fixes sql injection players can create 2 guilds with the same name, are there any fix about it?
Yunus-54 is offline  
Old 12/26/2015, 02:50   #67
 
.Aphrodite's Avatar
 
elite*gold: 70
The Black Market: 0/0/0
Join Date: Mar 2015
Posts: 98
Received Thanks: 116
Quote:
Originally Posted by °~Dennis~° View Post
Ich habe da ein Problem mit der Funktion CreateGuild.
Wenn der User eine Gilde erstellt und einen bereits vorhanden namen verwendet erstellt er die Gilde und der User ist der Admin der alten breits vorhanden Gilde

Das ist die Funktion:
PHP Code:
DWORD CGuildManager::CreateGuild(TGuildCreateParametergcp)
{
    if (!gcp.master)
        return 0;

    if (!check_name(gcp.name))
    {
        gcp.master->ChatPacket(CHAT_TYPE_INFOLC_TEXT("187"));
        return 0;
    }
    static char __escape_name[GUILD_NAME_MAX_LEN 1];
    DBManager::instance().EscapeString(__escape_namesizeof(__escape_name), static_cast<const char *>(gcp.name), sizeof(gcp.name));

    std::auto_ptr<SQLMsgpmsg(DBManager::instance().DirectQuery("SELECT COUNT(*) FROM guild%s WHERE name = '%s'",
        get_table_postfix(), __escape_name));

    if (pmsg->Get()->uiNumRows 0)
    {
        MYSQL_ROW row mysql_fetch_row(pmsg->Get()->pSQLResult);

        if (!(row[0] && row[0][0] == '0'))
        {
            gcp.master->ChatPacket(CHAT_TYPE_INFOLC_TEXT("188"));
            return 0;
        }
    }
    else
    {
        gcp.master->ChatPacket(CHAT_TYPE_INFOLC_TEXT("189"));
        return 0;
    }

    CGuild pg M2_NEW CGuild(gcp);
    m_mapGuild.insert(std::make_pair(pg->GetID(), pg));
    return pg->GetID();

Jemand eine Lösung vielleicht ?
Habe den selben Fehler, jemand eine Lösung?
.Aphrodite is offline  
Old 12/26/2015, 13:30   #68
 
DasSchwarzeT's Avatar
 
elite*gold: 399
The Black Market: 95/0/0
Join Date: Sep 2011
Posts: 5,323
Received Thanks: 3,937

Same here.. Werde ich wohl gleich mal fixen und dann hier updaten
DasSchwarzeT is offline  
Thanks
1 User
Old 12/26/2015, 13:49   #69
 
Ken™'s Avatar
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Aug 2015
Posts: 10
Received Thanks: 45
You don't have to implement the second fix in your source files because there is no potential SQL Injection for MakeGuild. The system is already checking the alpha characters 1 or 2 time(s).

The first one
Code:
	if (strlen(cp.name) == 0 || !check_name(cp.name))
	{
		ch->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("적합하지 않은 길드 이름 입니다."));
		return;
	}
The second one
Code:
	if (!check_name(gcp.name))
	{
		gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길드> 길드 이름이 적합하지 않습니다."));
		return 0;
	}

Kind Regards ~ Ken
Ken™ is offline  
Thanks
2 Users
Old 12/26/2015, 14:46   #70
 
DasSchwarzeT's Avatar
 
elite*gold: 399
The Black Market: 95/0/0
Join Date: Sep 2011
Posts: 5,323
Received Thanks: 3,937
Quote:
Originally Posted by Ken™ View Post
You don't have to implement the second fix in your source files because there is no potential SQL Injection for MakeGuild. The system is already checking the alpha characters 1 or 2 time(s).

The first one
Code:
	if (strlen(cp.name) == 0 || !check_name(cp.name))
	{
		ch->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("적합하지 않은 길드 이름 입니다."));
		return;
	}
The second one
Code:
	if (!check_name(gcp.name))
	{
		gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길드> 길드 이름이 적합하지 않습니다."));
		return 0;
	}

Kind Regards ~ Ken
That's it..

Wer als folgenden Bug hat und Gilden mit gleichen Namen erstellen kann:

Quote:
Originally Posted by DasSchwarzeT View Post

Same here.. Werde ich wohl gleich mal fixen und dann hier updaten
einfach den 2. Fix hier im Startpost rausnehmen, ist nicht nötig.
DasSchwarzeT is offline  
Old 12/26/2015, 17:04   #71
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Sep 2010
Posts: 41
Received Thanks: 23
Use the original code guild_manager.cpp

Code:
DWORD CGuildManager::CreateGuild(TGuildCreateParameter& gcp)
{
	if (!gcp.master)
		return 0;

	if (!check_name(gcp.name))
	{
		gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길드> 길드 이름이 적합하지 않습니다."));
		return 0;
	}

	std::auto_ptr<SQLMsg> pmsg(DBManager::instance().DirectQuery("SELECT COUNT(*) FROM guild%s WHERE name = '%s'",
				get_table_postfix(), gcp.name));

	if (pmsg->Get()->uiNumRows > 0)
	{
		MYSQL_ROW row = mysql_fetch_row(pmsg->Get()->pSQLResult);

		if (!(row[0] && row[0][0] == '0'))
		{
			gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길드> 이미 같은 이름의 길드가 있습니다."));
			return 0;
		}
	}
	else
	{
		gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길드> 길드를 생성할 수 없습니다."));
		return 0;
	}

	// new CGuild(gcp) queries guild tables and tell dbcache to notice other game servers.
	// other game server calls CGuildManager::LoadGuild to load guild.
	CGuild * pg = M2_NEW CGuild(gcp);
	m_mapGuild.insert(std::make_pair(pg->GetID(), pg));
	return pg->GetID();
}
selim995 is offline  
Old 12/27/2015, 16:35   #72
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Dec 2015
Posts: 2
Received Thanks: 0
HOW I CAN FIX IT IF I HAVE VAINILLA CORE 55K GAME???????
metin2ky is offline  
Old 12/28/2015, 21:43   #73
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Dec 2009
Posts: 34
Received Thanks: 3
Does anybody have dif for 40250? Please
lukasplny is offline  
Old 12/29/2015, 11:26   #74
 
elite*gold: 0
The Black Market: 0/0/0
Join Date: Feb 2009
Posts: 312
Received Thanks: 29
i need help this can duplicate name of guild
Quote:
DWORD CGuildManager::CreateGuild(TGuildCreateParameter& gcp)
{
if (!gcp.master)
return 0;

if (!check_name(gcp.name))
{
gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길드> 길드 이름이 적합하지 않습니다."));
return 0;
}
static char __escape_name[GUILD_NAME_MAX_LEN * 2 + 1];
DBManager::instance().EscapeString(__escape_name, sizeof(__escape_name), static_cast<const char *>(gcp.name), sizeof(gcp.name));

std::auto_ptr<SQLMsg> pmsg(DBManager::instance().DirectQuery("SELECT COUNT(*) FROM guild%s WHERE name = '%s'",
get_table_postfix(), __escape_name));

if (pmsg->Get()->uiNumRows > 0)
{
MYSQL_ROW row = mysql_fetch_row(pmsg->Get()->pSQLResult);

if (!(row[0] && row[0][0] == '0'))
{
gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("188"));
return 0;
}
}
else
{
gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("189"));
return 0;
}

CGuild * pg = M2_NEW CGuild(gcp);
m_mapGuild.insert(std::make_pair(pg->GetID(), pg));
return pg->GetID();
}
Quote:
Originally Posted by selim995 View Post
Use the original code guild_manager.cpp

Code:
DWORD CGuildManager::CreateGuild(TGuildCreateParameter& gcp)
{
	if (!gcp.master)
		return 0;

	if (!check_name(gcp.name))
	{
		gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길드> 길드 이름이 적합하지 않습니다."));
		return 0;
	}

	std::auto_ptr<SQLMsg> pmsg(DBManager::instance().DirectQuery("SELECT COUNT(*) FROM guild%s WHERE name = '%s'",
				get_table_postfix(), gcp.name));

	if (pmsg->Get()->uiNumRows > 0)
	{
		MYSQL_ROW row = mysql_fetch_row(pmsg->Get()->pSQLResult);

		if (!(row[0] && row[0][0] == '0'))
		{
			gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길드> 이미 같은 이름의 길드가 있습니다."));
			return 0;
		}
	}
	else
	{
		gcp.master->ChatPacket(CHAT_TYPE_INFO, LC_TEXT("<길드> 길드를 생성할 수 없습니다."));
		return 0;
	}

	// new CGuild(gcp) queries guild tables and tell dbcache to notice other game servers.
	// other game server calls CGuildManager::LoadGuild to load guild.
	CGuild * pg = M2_NEW CGuild(gcp);
	m_mapGuild.insert(std::make_pair(pg->GetID(), pg));
	return pg->GetID();
}
this code is protect?
bluedrago is offline  
Old 03/08/2016, 17:07   #75
 
IzeBreakzz's Avatar
 
elite*gold: 20
The Black Market: 1/0/0
Join Date: Sep 2012
Posts: 579
Received Thanks: 139
Könnte jemand bitte eine dif für die 33820 machen? Bräuchte die dringend.

Viele Grüße

IzeBreakzz
IzeBreakzz is offline  
Reply
Page 5 of 6 « First 34 5 6

« [Mini-RLS] Mount Aufsteigen (Smoking / Hochzeitskleid) | Search HomePage & ItemShop »

Similar Threads Similar Threads
Small Help needed to fix the icons on messenger/guild
08/08/2015 - Flyff Private Server - 2 Replies
Hello guys, i just need a little help or guide on how do i fix the icons for each job in the friend list or messenger list. cause my messenger looks like this : Messenger Icons Error i need to correct the icons same with the guild view Guild Icon Error wrong icons ... Thanks in advance
[B) What´s App Messenger
12/14/2012 - elite*gold Trading - 20 Replies
Hey Leute ich biete euch hiermit einen Code für den iTunes US Store an! Dieser Code beinhaltet den Download von dem What´s App Messenger! Sofortkauf 30 e*G! Ich wiederhole, dieser Code funktioniert nur auf dem US iTunes Store!
Messenger Bug ?
07/19/2012 - Combat Arms - 2 Replies
Leute bei Combat Arms geht der Messenger garnicht und mit dem Clan kann ich garnicht sprechen alle sind Offline ist das nur bei mir oder bei vielen ? Und wie bekommt mann das wieder zurück ?
Tcp Messenger
06/21/2010 - AutoIt - 8 Replies
Hi wieder mal ein Problem:rtfm: Möchte nun Von meinem Tcp,Client was zu meinem Tcp,Server senden eine Nahricht möchte diese aber nicht immer im code ändern habe dazu eine Inputbox gemacht möchte nun das der text der in der inputbox ist gesendet wird mein code sieht bisher so aus TCPStartup() $verbindung = TCPConnect("127.0.0.1", 4322) $message=Inputbox("Msg Transmitter","Bitte Gib deine Nahricht ein.") If $verbindung = -1 Then MsgBox(16, "Error", "Die Verbindung zum Server...



All times are GMT +1. The time now is 04:30.

elitepvpers - play less, get more - Top

Powered by vBulletin®
Copyright ©2000 - 2025, Jelsoft Enterprises Ltd.
SEO by vBSEO ©2011, Crawlability, Inc.
This site is protected by reCAPTCHA and the Google Privacy Policy and Terms of Service apply.

Support | Contact Us | FAQ | Advertising | Privacy Policy | Terms of Service | Abuse
Copyright ©2025 elitepvpers All Rights Reserved.