56 minutes ago, dako12 said:

If I block the MySQL port and connect through SSH and create an account for the homepage only to write new accounts, will I be protected?

This thing is not related to the ports. It's related to the messenger system. The exploit only works when you're trying to remove someone from your friend list. Ymir didn't add a protection for this. The leaked source files or the Vanilla source have the same vulnerability too. I can't say anything about the older game versions because they probably have the same vulnerability too.

Kind Regards ~ Ken

Do not be sorry, be better.


1 hour ago, Ken said:

This thing is not related to the ports. It's related to the messenger system. The exploit only works when you're trying to remove someone from your friend list. Ymir didn't add a protection for this. The leaked source files or the Vanilla source have the same vulnerability too. I can't say anything about the older game versions because they probably have the same vulnerability too.

Kind Regards ~ Ken

Thanks, both of you. So we must implement the fix you shared with us to be safe, right?

One more question: if Ymir didn't take care of this, can it be done to official too then, or not? ;P

1 minute ago, dako12 said:

Thanks, both of you. So we must implement the fix you shared with us to be safe, right?

One more question: if Ymir didn't take care of this, can it be done to official too then, or not? ;P

They already knew about this problem before (it's just a guess). The server will ban whoever tries to use this SQL injection if you implement my code with a ban query.

Kind Regards ~ Ken


Just now, Ken said:

They already knew about this problem before (it's just a guess). The server will ban whoever tries to use this SQL injection if you implement my code with a ban query.

Kind Regards ~ Ken

So they just left it like this for you developers to be troubled then..

Is it possible to add a lib or fix it with a diff to the 2.4.1 gamefile of Vanilla?
Because of its several bug fixes and stuff, I don't think the leaked source of Vanilla is better than this, or am I wrong?

6 minutes ago, dako12 said:

So they just left it like this for you developers to be troubled then..

Is it possible to add a lib or fix it with a diff to the 2.4.1 gamefile of Vanilla?
Because of its several bug fixes and stuff, I don't think the leaked source of Vanilla is better than this, or am I wrong?

The Vanilla source could have been good in the old days. For now, everyone is using the new source files (home-made). I can't say that the Vanilla source is better than every other source or anything like that. Every source is valuable at the moment. I think there is no diff for Vanilla sources yet.

Kind Regards ~ Ken


There is no other way than to switch to your own source and apply the released fix.

Or if you know IDA, you can try to make a diff. I don't know how IDA works, so I can't help here.

Edit: Also, you can add a prefix to the tables and add the prefix to the configuration; this will prevent the attackers from knowing how the table is named.
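
The kind of input guard discussed in this thread, as an added example that is not part of any post and is not the fix Ken released: a server-side allowlist check on the name in a messenger "remove friend" request, with flagged attempts written to an audit log so a ban can follow. All function names, the 24-byte limit and the log format are assumptions, and the check works the same whatever the tables are called.

```cpp
#include <iostream>
#include <string>
#include <vector>

// Hypothetical names throughout; not taken from the game source or the posted fix.
enum class NameCheck { Ok, Reject, RejectAndFlag };

// Allowlist check for the character name in a "remove friend" request.
// Assumed policy: 1..24 bytes, ASCII letters and digits only.
NameCheck CheckMessengerName(const std::string& name) {
    const std::size_t kMaxLen = 24;  // assumed limit
    if (name.empty() || name.size() > kMaxLen) return NameCheck::Reject;
    bool quoting = false, other = false;
    for (unsigned char c : name) {
        bool alnum = (c >= '0' && c <= '9') || (c >= 'A' && c <= 'Z') ||
                     (c >= 'a' && c <= 'z');
        if (alnum) continue;
        // Quote, backslash, semicolon and NUL have no place in a name and
        // are the bytes that alter query syntax when pasted into SQL text.
        if (c == '\'' || c == '"' || c == '\\' || c == ';' || c == '\0')
            quoting = true;
        else
            other = true;
    }
    if (quoting) return NameCheck::RejectAndFlag;
    return other ? NameCheck::Reject : NameCheck::Ok;
}

// Returns true only when the request may go on to the database layer.
// Flagged requests are recorded so a ban can be decided from the audit log.
bool HandleMessengerRemove(const std::string& account,
                           const std::string& companion,
                           std::vector<std::string>& auditLog) {
    switch (CheckMessengerName(companion)) {
        case NameCheck::Ok: return true;
        case NameCheck::RejectAndFlag:
            auditLog.push_back("messenger-remove rejected, account=" + account);
            return false;
        default: return false;
    }
}

int main() {
    std::vector<std::string> log;  // constructed sample input below
    std::cout << HandleMessengerRemove("acct1", "Friend01", log) << "\n";
    std::cout << HandleMessengerRemove("acct1", "bad'name", log) << "\n";
    std::cout << log.size() << " flagged\n";
}
```

A parameterized statement in the database layer remains the structural fix; this guard sits in front of it.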
