Hello all, I'm working with another user in discovering exploits and vulnerabilities in the current version of ceres cp and also digging a bit into the patched azndragon cp (found some vulnerabilities but no gaping holes) we havent discussed how we will release our findings without them being patched like last time (the account_manage.php vulnerability). My question to you would be can you offer any hints into the ceres control panel where we should start digging. Thanks =]
If you dont want release your findings to everyone ( so that it dont get patched) you should only offer it to lvl2 ( so just pm lowfyr with your exploits).
I dont know any bugs in this **** cp ( if i had a server i wouldnt use azndragon cp =o).
well.. I would really like to share some of my findings in these.
I made a XSS Worm for ROCP by AZNdragon, LoveRudraCP, StarGamesCP and ChobochoboCP. The XSS Worm works 100% on this CP's and it is made to go directly to the view_exploit_log.php, log.php and authlist.php log's. When the Admin / GM goes to that logs u'll get the admin phpssesid Hash into ur desired log.
Now.. I wonder why would u try to "hack" deliveranceRO by using that crappy method... that CP is prone to Sql Injection dude.. ¬¬!... so **** easy to hack that, the main problem is the default skin "blueeee" wich return u an error when injecting the error.
I wonder how can I get "lvl 2".
Let me make a tutorial video showing how the XSS exploit works.
-- Pending video--
Ok.. here's the video.. It took me a while to make it..
It's compresed with winrar and it's a video clip.
REMOVED VIDEO* - !
Rar file size = 3.27MB
Decompresed = 150MB
High Resolution, Please see the video with FULL SIZE SCREEN.
- To prevent kiddies, I have eliminated part of the victimlog
Feel free to ask me for the code of the XssW0rm.
Works on ROCP, LoveRudra, StarGames and Others [like chobochobo]
-------------------------------------------------------------------
Discovering SV BOT in patch 5095 Co2 11/23/2009 - Conquer Online 2 - 13 Replies Hello you guys. Since with the new 5095 patch, i probably bet most auto level such as SV or other level bots don't work anymore. Well I have a question about SV, is Sv a paid bot? If SV is a paid bot, is there any other free alternativ bot thats usable in patch 5095. And what about CID 2.0.8 does it work in patch 5095? Thanks everyone. A site or a link would be helpful. thanks again.
[Savepot] Ceres Cave Savepot 04/04/2005 - General Gaming Discussion - 7 Replies Moin Lam0r ^^
Also eins über Shirkan gibs ein Cave wo man die Ceres Disk her bekommt.
Da spawnen nur 127/127 Launcher Cyclopse und man stellt sich nur immer in die Übergangsräume und barrelt oder macht mit Area Waffen schaden an die Viehcher.
Gibt ganz einfachen trick : bei jeder tür ganz links oder oben rechts aimnen und casten/ballern ... so geht die tuer nicht auf und ihr macht den viehchern dmg .... ihr nehmt kein dmg und exp is super....
hf The BluB
Ceres Cave für Droner 01/20/2005 - General Gaming Discussion - 3 Replies Wenn eine Drone direkt unter dem Ausgang der Ceres Cave gestartet wir, kann sie nicht mehr von den Mobs getroffen werden. Allerdings kann man die Drone dann auch nicht mehr bewegen.
Dadurch das die Tür beim Schiessen auf geht braucht man auch keine Angst vor einem GM zu haben :-)
Ceres Cave und andere Orte 01/20/2005 - General Gaming Discussion - 4 Replies Mit alt+f4 kann man sich in NC so in fast jede Kiste, Generator usw. Exploiten. Auch diverse Gitter können so überwunden werden.
Um sich in ein Objekt hinein zu exploiten, muss man darauf zulaufen und im letzten Moment alt+f4 drücken. Nach dem reboot von NC steht man dann im Objeckt oder hinter dem Gitter.
Leider geht es nicht bei Wänden oder Türen.
( if i had a server i wouldnt use azndragon cp =o).
the video
