Jump to content

metho

Member
  • Content Count

    4
  • Joined

  • Last visited

Community Reputation

3 Neutral

About metho

  • Rank
    Neutral

Informations

  • Gender
    Not Telling

Metin2

  • Kingdom
    Jinno

Skills

  • HTML
    Beginner

Recent Profile Visitors

250 profile views
  1. What tools would you use to control the influence of a big server or would you do it manually to distribute the players everywhere on the map?
  2. Hi, Here is a small example of a code injection on the top list: metin2pserver.info. If you want to test it yourself: I hosted the following script here ( https://pastebin.com/raw/28VjB803 ): /** * Rate. * * @param {string} serverId * @param {string} name * @param {string} email * @param {number} rating * @option 1 - Insufficient * @option 2 - Inadequate * @option 3 - Sufficient * @option 4 - Satisfying * @option 5 - Good * @option 6 - Very good * @param {string} comment * @param {number} picture * @option 1 - Warrior (m) * @option 2 - W
  3. @FlasH Strange, i downloaded the lastest version, encountered the issue, fixed it, posted it on another forum and get in contact with him personally. My guess would be, he implemented it as a sort of feature and now reverted it back to its original state. Maybe he will answer too here @Ionuț
  4. Hello everybody, Since someone asked me about injections in Metin2CMS (targeted CMS: https://metin2cms.cf/), I quickly looked at the code of the CMS mentioned. I also noticed a critical exploit that enables code injections. The file include\functions\sendEmail.php contains the following code: $site_name = $_SERVER['SERVER_NAME']; if ($site_name == 'localhost' || $site_name == '127.0.0.1') $site_name = 'metin2cms.cf'; As of Apache 2, $_SERVER['SERVER_NAME'] can be transmitted from the client to the server via the http header Host (like for $_SERVER['

Shoutbox

Shoutbox

Chatroom Rules

 

Join our Discord

A request for help = Shoutbox Ban

Be respectful & Respect the rules

 

×
×
  • Create New...

Important Information

Terms of Use / Privacy Policy / Guidelines / We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.