New 'hack' for P-servers

[Amanda98]

Everyone uses same leaked vsro files, same sql login "sa", same database names, cerf setting, everything same except ip/port. Of course hacker could break on this.

Just rename or change those, it shouldn't be problem anymore i guess?

[Bаne]

Quote:

Originally Posted by Amanda98

Everyone uses same leaked vsro files, same sql login "sa", same database names, cerf setting, everything same except ip/port. Of course hacker could break on this.

Just rename or change those, it shouldn't be problem anymore i guess?

I would hope people would change the password of the SA account when they release there server... :/

Acctualy, it would be best to just make a new user in all to handel SRO...

[jangan322]

the fix for 1x game server files = 100% confirmed.
so far the fix for 3 gameservers = 50/50

[xavi]

(Global, Gateway, Shard, GameServer) Only these server have queries db connection string as:

"SQLDriverConnectW";"24";"1";"InConnectionString=' DRIVER={SQL Server} ....

after that select * from_table bla bla...

So exploits using SQL injection attack on those server.

[PortalDark]

Quote:

Originally Posted by xavi

(Global, Gateway, Shard, GameServer) Only these server have queries db connection string as:

"SQLDriverConnectW";"24";"1";"InConnectionString=' DRIVER={SQL Server} ....

after that select * from_table bla bla...

So exploits using SQL injection attack on those server.

in fact, cert is like the bridge to start a connection and certify a secure connectivity
thats the true source of the exploit
also, everyone opens all ports the see inside the cert inis
which leads to a remote connection