
How To Fix Messenger SQL Injection



Second fix - Description (Total fix)

Even if you don't use an escape string for the companion, the function will search for the companion and the account in the maps. If the result is not positive, the function will stop and write a log in syserr.

Search for this in messenger_manager.cpp:

void MessengerManager::RemoveFromList(MessengerManager::keyA account, MessengerManager::keyA companion)

Replace it with this:

void MessengerManager::RemoveFromList(MessengerManager::keyA account, MessengerManager::keyA companion)
{
	if (companion.empty())
		return;

	// Second fix: only a companion that is recorded in both relation maps
	// (account -> companion and companion -> account) may reach the query below,
	// so an arbitrary client-supplied string is rejected before it is formatted into SQL.
	if (m_Relation[account].find(companion) == m_Relation[account].end() || m_InverseRelation[companion].find(account) == m_InverseRelation[companion].end())
	{
		LPCHARACTER ch = CHARACTER_MANAGER::Instance().FindPC(account.c_str());
		if (ch)
		{
			sys_err("MessengerManager::RemoveFromList: %s tries to use messenger sql injection", ch->GetName());

			if (ch->GetDesc())
				ch->GetDesc()->DelayedDisconnect(3);
		}
		else
			sys_err("MessengerManager::RemoveFromList: Omg! The ghost tried to use this function!");
		return;
	}

	sys_log(1, "MessengerManager::RemoveFromList: Remove %s %s", account.c_str(), companion.c_str());
	DBManager::instance().Query("DELETE FROM messenger_list%s WHERE account='%s' AND companion = '%s'", get_table_postfix(), account.c_str(), companion.c_str());
	__RemoveFromList(account, companion);
	TPacketGGMessenger p2ppck;
	p2ppck.bHeader = HEADER_GG_MESSENGER_REMOVE;
	strlcpy(p2ppck.szAccount, account.c_str(), sizeof(p2ppck.szAccount));
	strlcpy(p2ppck.szCompanion, companion.c_str(), sizeof(p2ppck.szCompanion));
	P2P_MANAGER::instance().Send(&p2ppck, sizeof(TPacketGGMessenger));
}

If you want to ban whoever tries to use this SQL injection, here is the code for you.

void MessengerManager::RemoveFromList(MessengerManager::keyA account, MessengerManager::keyA companion)
{
	if (companion.empty())
		return;

	// Second fix: only a companion that is recorded in both relation maps
	// (account -> companion and companion -> account) may reach the query below,
	// so an arbitrary client-supplied string is rejected before it is formatted into SQL.
	if (m_Relation[account].find(companion) == m_Relation[account].end() || m_InverseRelation[companion].find(account) == m_InverseRelation[companion].end())
	{
		LPCHARACTER ch = CHARACTER_MANAGER::Instance().FindPC(account.c_str());
		if (ch)
		{
			sys_err("MessengerManager::RemoveFromList: %s tries to use messenger sql injection", ch->GetName());
			DBManager::Instance().DirectQuery("UPDATE account.account SET status = 'BAN' WHERE id = %u", ch->GetAID());
			if (ch->GetDesc())
				ch->GetDesc()->DelayedDisconnect(3);
		}
		else
			sys_err("MessengerManager::RemoveFromList: Omg! The ghost tried to use this function!");
		return;
	}

	sys_log(1, "MessengerManager::RemoveFromList: Remove %s %s", account.c_str(), companion.c_str());
	DBManager::instance().Query("DELETE FROM messenger_list%s WHERE account='%s' AND companion = '%s'", get_table_postfix(), account.c_str(), companion.c_str());
	__RemoveFromList(account, companion);
	TPacketGGMessenger p2ppck;
	p2ppck.bHeader = HEADER_GG_MESSENGER_REMOVE;
	strlcpy(p2ppck.szAccount, account.c_str(), sizeof(p2ppck.szAccount));
	strlcpy(p2ppck.szCompanion, companion.c_str(), sizeof(p2ppck.szCompanion));
	P2P_MANAGER::instance().Send(&p2ppck, sizeof(TPacketGGMessenger));
}
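As an added example (not code from this thread or from the game source), a self-contained C++ model of the second fix: the two relation maps, the both-directions lookup, and a RemoveFromList that refuses any companion not already stored before any SQL string is built. MessengerModel, RemoveResult and lastQuery are assumed names; the maps are filled with constructed data.

```cpp
#include <map>
#include <set>
#include <string>

// Constructed stand-in for the server's two relation maps:
// m_Relation: account -> companions, m_InverseRelation: companion -> accounts.
using RelationMap = std::map<std::string, std::set<std::string>>;

enum class RemoveResult { Removed, EmptyCompanion, NotInList };

struct MessengerModel {
    RelationMap relation;
    RelationMap inverseRelation;
    std::string lastQuery;  // hypothetical: the DELETE that would be handed to the DB layer

    void AddRelation(const std::string& account, const std::string& companion) {
        relation[account].insert(companion);
        inverseRelation[companion].insert(account);
    }

    // The thread's check: both directions of the relation must exist. Uses find()
    // instead of operator[] so a lookup never inserts an empty entry for an unknown key.
    bool IsRelation(const std::string& account, const std::string& companion) const {
        auto r = relation.find(account);
        if (r == relation.end() || !r->second.count(companion))
            return false;
        auto i = inverseRelation.find(companion);
        return i != inverseRelation.end() && i->second.count(account) != 0;
    }

    RemoveResult RemoveFromList(const std::string& account, const std::string& companion) {
        if (companion.empty())
            return RemoveResult::EmptyCompanion;
        // Anything not already stored as a friend name never reaches the SQL string.
        // The real server logs to syserr and disconnects the client at this point.
        if (!IsRelation(account, companion))
            return RemoveResult::NotInList;
        lastQuery = "DELETE FROM messenger_list WHERE account='" + account +
                    "' AND companion = '" + companion + "'";
        relation[account].erase(companion);
        inverseRelation[companion].erase(account);
        return RemoveResult::Removed;
    }
};
```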
Do not be sorry, be better.

2 minutes ago, ds_aim said:

That way you can only delete friends if they are online.

I recommend using the MartPwn fix; it's 90% better.

Maybe you should read the code more carefully.

// If the character does not exist in the game, use EscapeString and send it to the database.
if (!tch)
{

One sends the escaped string, the other sends the character name.

Kind Regards ~Ken

Just now, Sherer said:

Both your fix and Alpha's fix are ok, yes?

Both ways give the same result (they block the SQL injection). Nova/Alpha is using this inside MessengerManager::RemoveFromList; I'm using it before this function is called.

Kind Regards ~Ken


1 minute ago, Ken said:

Both ways give the same result (they block the SQL injection). Nova/Alpha is using this inside MessengerManager::RemoveFromList; I'm using it before this function is called.

Kind Regards ~Ken

That's fine. I have seen that a lot of P. servers are having big issues at the moment, especially those which use older game revisions.



Sorry. I have game 2089m; I will pay in EURO if someone gives me a fix for this server game revision.

Skype: -EDIT-


SYSERR: Dec 15 22:26:10 :: ChildLoop: AsyncSQL: query failed: Commands out of sync; you can't run this command now (query: DELETE FROM messenger_list WHERE account='xX007XxX' AND companion = '';DROP TABLE player; --d' errno: 2014)
SYSERR: Dec 15 22:26:10 :: ChildLoop: AsyncSQL: query failed: Commands out of sync; you can't run this command now (query: DELETE FROM messenger_list WHERE account='xX007XxX' AND companion = '';DELETE FROM guild; --k' errno: 2014)
SYSERR: Dec 15 22:26:10 :: ChildLoop: AsyncSQL: query failed: Commands out of sync; you can't run this command now (query: DELETE FROM messenger_list WHERE account='xX007XxX' AND companion = '';USE mysql; --' errno: 2014)
SYSERR: Dec 15 22:26:10 :: ChildLoop: AsyncSQL: query failed: Commands out of sync; you can't run this command now (query: DELETE FROM messenger_list WHERE account='xX007XxX' AND companion = '';DELETE FROM user; --' errno: 2014)
SYSERR: Dec 15 22:26:10 :: ChildLoop: AsyncSQL: query failed: Commands out of sync; you can't run this command now (query: DELETE FROM messenger_list WHERE account='xX007XxX' AND companion = '';DROP DATABASE log; --d' errno: 2014)

 

 


Dif to kill the function for 2089M (to allow for a transition period)

game_2089M
0010F5C3: 31 90
0010F5C4: C0 90
0010F5C5: 8B 90
0010F5C6: 03 90
0010F5C7: 8B 90
0010F5C8: 50 90
0010F5C9: F4 90
0010F5CA: 85 90
0010F5CB: D2 90
0010F5CC: 75 90
0010F5CD: 22 90

 


Same as iMer's dif, but a little shorter:

game_2089M

0010F5C3: 31 EB
0010F5C4: C0 09

And here are the difs posted by @Sevence™, just for r34k:

This difference file is created by The Interactive Disassembler

db_r33820_32_u
000925A5: 01 00

This difference file is created by The Interactive Disassembler

game_r34083_32
0040DFE5: 01 00

 


Someone changed my player table today, and I don't understand who.

Nothing in the history.

I haven't done this tutorial, because it covers messenger_list and guild, and my problem is in the player table.

Could it be the same problem in my case?


After the correction I cannot log into the game; it gives the following error.

1222 13:16:27892 :: 처리되지 않은 패킷 헤더 150, state Game

1222 13:16:30879 :: 처리되지 않은 패킷 헤더 8, state Game

1222 13:16:31209 :: Unknown packet header: 186, last: 72 122

Help me?!?

1 hour ago, MORTE said:

After the correction I cannot log into the game; it gives the following error.

1222 13:16:27892 :: 처리되지 않은 패킷 헤더 150, state Game

1222 13:16:30879 :: 처리되지 않은 패킷 헤더 8, state Game

1222 13:16:31209 :: Unknown packet header: 186, last: 72 122

Help me?!?

I think it does not relate to the messenger system. You have to check your static packets.

Kind Regards ~ Ken
