This exploit has become better known now, so I decided to release my fix. The fix works for all commands (warning, notice, gmnotice...) and doesn't disable the action log. Works only for ep5.4 ps_game.
Great release, a version has already been published, I don't know about the effectiveness of CT with Cups and Bowie scripts, and a larger version with several injections, I'll leave it here, if you want to test an alternative solution or even analyze for failures, why too many files, not reliable.
Credits Cups and Bowie, has been released for free, distribution and free, be very careful.
This exploit has become better known now, so I decided to release my fix. The fix works for all commands (warning, notice, gmnotice...) and doesn't disable the action log. Works only for ep5.4 ps_game.
Quote:
Originally Posted by [GM]Crypton
Great release, a version has already been published, I don't know about the effectiveness of CT with Cups and Bowie scripts, and a larger version with several injections, I'll leave it here, if you want to test an alternative solution or even analyze for failures, why too many files, not reliable.
Credits Cups and Bowie, has been released for free, distribution and free, be very careful.
Does anyone know which version is more useful, the Erick-Dutra version is short and short the cups version, and a larger script with the possible correction for the commands, someone tested and can tell which one is more useful or more complete?
I appreciate if anyone knows any useful information.
Does anyone know which version is more useful, the Erick-Dutra version is short and short the cups version, and a larger script with the possible correction for the commands, someone tested and can tell which one is more useful or more complete?
I appreciate if anyone knows any useful information.
Both fixes work. My script replaces the quote character with space in the function that creates the action log, the cups and bowie scripts disables calls to the function.
Watch out for releases from people who say they prevent SQL injections. A few years ago an adm from a Brazilian server published a supposed fix for the problem and in fact this supposed fix was an even more serious flaw caused by this ADM. Be very careful!
Watch out for releases from people who say they prevent SQL injections. A few years ago an adm from a Brazilian server published a supposed fix for the problem and in fact this supposed fix was an even more serious flaw caused by this ADM. Be very careful!
This is a CT script, the code is open, you can check each of the functions and do tests, or you are too dumb to do this.
a ct correction is different from a modified ps_login where it has thousands of codes, dumb people just like you that spoils the community, THAT is a CT file your code is visible, for you check its effectiveness.
Watch out for releases from people who say they prevent SQL injections. A few years ago an adm from a Brazilian server published a supposed fix for the problem and in fact this supposed fix was an even more serious flaw caused by this ADM. Be very careful!
This is a CT script, the code is open, you can check each of the functions and do tests, or you are too dumb to do this.
a ct correction is different from a modified ps_login where it has thousands of codes, dumb people just like you that spoils the community, THAT is a CT file your code is visible, for you check its effectiveness.
Very good for you friend, I did not mention this release, I just took advantage of the subject to talk about an event that hurt many people, if you don't know how to interpret text, I have nothing to do with it, it's your problem.
Very good for you friend, I did not mention this release, I just took advantage of the subject to talk about an event that hurt many people, if you don't know how to interpret text, I have nothing to do with it, it's your problem.
That's a lie, I'm probably the only Brazilian who posted releases on this forum and they are all open source. I checked your profile, your only release is useless, it was not made by you and it is not open source.
Diego Jairo and the well-known Vonstrucker, he uses a fake profile to publish things that are not his, he propagates files and stolen things, things he will never be able to do, never created anything and never did anything for the community.
I am waiting for you to publish your Shaiya Ernasis server in Brazil, which will have a limited duration
Diego Jairo and the well-known Vonstrucker, he uses a fake profile to publish things that are not his, he propagates files and stolen things, things he will never be able to do, never created anything and never did anything for the community.
I am waiting for you to publish your Shaiya Ernasis server in Brazil, which will have a limited duration
that VonStrucker is a kid, he was selling me things that he stole
Great release, a version has already been published, I don't know about the effectiveness of CT with Cups and Bowie scripts, and a larger version with several injections, I'll leave it here, if you want to test an alternative solution or even analyze for failures, why too many files, not reliable.
Credits Cups and Bowie, has been released for free, distribution and free, be very careful.
[Release] Simple FIX FOR "SQL Injection (ABOUT GUILD)" 02/06/2017 - SRO PServer Guides & Releases - 18 Replies http://i.epvpimg.com/Ybguf.png
First, you go to
"SRO_VT_SHARD" > Tables > _SiegeFortress > Right Click > Design > GO DOWN TO > IntroductionModificationPermission > Column Properties > Default Value Or Binding ((1)) > Change to ((0)) "
just like the screen shot
http://image.prntscr.com/image/2e358d0b2e1d4a45a2 509d364efe8fbc.png
[FIX][C++] SQL Injection in Messenger and Guild 09/04/2016 - Metin2 PServer Guides & Strategies - 82 Replies Hello,
today there were attacks to several servers all using the same exploits.
I will not further explain the method used to attack these servers.
To fix it go to messenger_manager.cpp:
![[Release] Fix SQL Injection in GM commands](https://www.elitepvpers.com/forum/iconimages/shaiya-pserver-guides-releases/release-fix-sql-injection-gm-commands_ltr.gif){kind=small}
![[GM] Purple's Avatar](https://www.elitepvpers.com/forum/customavatars/avatar8228935_3.gif){kind=avatar}
