Jump to content

DoS vulnerability (invalid player id spam)

LTGT

By LTGT,
in Hack Protection & Security

 Share

Recommended Posts

  • Premium
LTGT Community Regular

LTGT 934

Posted
  • Premium
Posted (edited)

This is a fix for a DoS Vulnerability where invalid player ids are spammed (i.e. HEADER_CG_CHARACTER_SELECT),

you can confirm this by looking in the syslog for a bunch of [PLAYER_LOAD] Load from PlayerDB pid[0].

 

to fix this:

This is the hidden content, please

 

 

this fix will make sure the player gets disconnected upon choosing an invalid character, making it harder to spam and making rate limits effective again

Thanks to everyone from sura-head.

Edited by LTGT
added support for different packets
  • Metin2 Dev 104
  • kekw 2
  • Facepalm 1
  • Think 3
  • Scream 1
  • Good 16
  • Love 3
  • Love 24

🍆 Sura-Head 💯

Link to comment
Share on other sites
  • Replies 5
  • Created
  • Last Reply

Top Posters In This Topic

Popular Days

Top Posters In This Topic

Popular Days

Popular Posts

LTGT
LTGT

This is a fix for a DoS Vulnerability where invalid player ids are spammed (i.e. HEADER_CG_CHARACTER_SELECT), you can confirm this by looking in the syslog for a bunch of [PLAYER_LOAD] Load from

ReFresh
ReFresh

@ LTGTJust a little detail... there isn't any player_index variable. One step in your tutorial must look like this: This is the hidden content, please&#

Denizeri24
Denizeri24
  • Contributor
Amun Proficient

Amun 1128

Posted
  • Contributor
Posted

What's dumb is that they checked for the PID when deleting a player 

	if (!c_rAccountTable.players[pinfo->index].dwID)
	{
		sys_err("PlayerDelete: Wrong Social ID index %d, login: %s", pinfo->index, c_rAccountTable.login);
		d->Packet(encode_byte(HEADER_GC_CHARACTER_DELETE_WRONG_SOCIAL_ID), 1);
		return;
	}

but they didn't check when selecting it(they've done the same shit in ::ChangeName, the method above ::CharacterSelect).

I advise you to check all packets using indexes sent by the client, because it's not just the one @ LTGT posted.

  • Love 1
Link to comment
Share on other sites
  • Premium
LTGT Community Regular

LTGT 934

Posted
  • Author
  • Premium
Posted
5 hours ago, Amun said:

What's dumb is that they checked for the PID when deleting a player 

	if (!c_rAccountTable.players[pinfo->index].dwID)
	{
		sys_err("PlayerDelete: Wrong Social ID index %d, login: %s", pinfo->index, c_rAccountTable.login);
		d->Packet(encode_byte(HEADER_GC_CHARACTER_DELETE_WRONG_SOCIAL_ID), 1);
		return;
	}

but they didn't check when selecting it(they've done the same shit in ::ChangeName, the method above ::CharacterSelect).

I advise you to check all packets using indexes sent by the client, because it's not just the one @ LTGT posted.

Main post has been adjusted to support them as well.

🍆 Sura-Head 💯

Link to comment
Share on other sites
  • 2 weeks later...
 Share
Go to topic listing


×
×
  • Create New...

Important Information

Terms of Use / Privacy Policy / Guidelines / We have placed cookies on your device to help make this website better. You can adjust your cookie settings, otherwise we'll assume you're okay to continue.

  I accept