How To Fix Messenger SQL Injection


Ken


Second fix - Description (Total fix)

Even if you don't use an escape string for the companion, the function will search for the companion and the account in the maps. If the result is not positive, the function will stop itself and write a log to syserr.

Search for this in messenger_manager.cpp:

void MessengerManager::RemoveFromList(MessengerManager::keyA account, MessengerManager::keyA companion)

Replace it with this:

void MessengerManager::RemoveFromList(MessengerManager::keyA account, MessengerManager::keyA companion)
{
	if (companion.empty())
		return;

	// Second fix: the pair must already exist in both in-memory relation maps.
	// A companion value that never went through the normal add path never reaches the query.
	if (m_Relation[account].find(companion) == m_Relation[account].end() || m_InverseRelation[companion].find(account) == m_InverseRelation[companion].end())
	{
		// Log the offending character and drop its connection after 3 seconds.
		LPCHARACTER ch = CHARACTER_MANAGER::Instance().FindPC(account.c_str());
		if (ch)
		{
			sys_err("MessengerManager::RemoveFromList: %s tries to use messenger sql injection", ch->GetName());

			if (ch->GetDesc())
				ch->GetDesc()->DelayedDisconnect(3);
		}
		else
			sys_err("MessengerManager::RemoveFromList: Omg! The ghost tried to use this function!");
		return;
	}

	// Known relation: remove it from the database and from memory, then notify the other cores.
	sys_log(1, "MessengerManager::RemoveFromList: Remove %s %s", account.c_str(), companion.c_str());
	DBManager::instance().Query("DELETE FROM messenger_list%s WHERE account='%s' AND companion = '%s'", get_table_postfix(), account.c_str(), companion.c_str());
	__RemoveFromList(account, companion);
	TPacketGGMessenger p2ppck;
	p2ppck.bHeader = HEADER_GG_MESSENGER_REMOVE;
	strlcpy(p2ppck.szAccount, account.c_str(), sizeof(p2ppck.szAccount));
	strlcpy(p2ppck.szCompanion, companion.c_str(), sizeof(p2ppck.szCompanion));
	P2P_MANAGER::instance().Send(&p2ppck, sizeof(TPacketGGMessenger));
}

If you want to ban whoever tries to use this SQL injection, here is the code for you.

void MessengerManager::RemoveFromList(MessengerManager::keyA account, MessengerManager::keyA companion)
{
	if (companion.empty())
		return;

	// Second fix: the pair must already exist in both in-memory relation maps.
	if (m_Relation[account].find(companion) == m_Relation[account].end() || m_InverseRelation[companion].find(account) == m_InverseRelation[companion].end())
	{
		// Log the offending character, mark its account as banned and drop the connection after 3 seconds.
		LPCHARACTER ch = CHARACTER_MANAGER::Instance().FindPC(account.c_str());
		if (ch)
		{
			sys_err("MessengerManager::RemoveFromList: %s tries to use messenger sql injection", ch->GetName());
			DBManager::Instance().DirectQuery("UPDATE account.account SET status = 'BAN' WHERE id = %u", ch->GetAID());
			if (ch->GetDesc())
				ch->GetDesc()->DelayedDisconnect(3);
		}
		else
			sys_err("MessengerManager::RemoveFromList: Omg! The ghost tried to use this function!");
		return;
	}

	// Known relation: remove it from the database and from memory, then notify the other cores.
	sys_log(1, "MessengerManager::RemoveFromList: Remove %s %s", account.c_str(), companion.c_str());
	DBManager::instance().Query("DELETE FROM messenger_list%s WHERE account='%s' AND companion = '%s'", get_table_postfix(), account.c_str(), companion.c_str());
	__RemoveFromList(account, companion);
	TPacketGGMessenger p2ppck;
	p2ppck.bHeader = HEADER_GG_MESSENGER_REMOVE;
	strlcpy(p2ppck.szAccount, account.c_str(), sizeof(p2ppck.szAccount));
	strlcpy(p2ppck.szCompanion, companion.c_str(), sizeof(p2ppck.szCompanion));
	P2P_MANAGER::instance().Send(&p2ppck, sizeof(TPacketGGMessenger));
}
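To show the gate from the second fix in isolation, here is a stand-alone model of it (an added example, not Ken's code and not the Metin2 source). The names MessengerState, IsKnownRelation and BuildRemoveQuery are assumptions; the m_Relation / m_InverseRelation maps mirror the ones the fix looks up, and BuildRemoveQuery reproduces the same string concatenation as the original printf-style query so the rejected and accepted cases can be compared.

```cpp
#include <map>
#include <set>
#include <string>

// Added example, not the posted code: a stand-alone model of the "second fix" gate.
// Names MessengerState, IsKnownRelation and BuildRemoveQuery are assumptions; the
// m_Relation / m_InverseRelation maps mirror the ones the fix looks up.
using keyA = std::string;
using RelationMap = std::map<keyA, std::set<keyA>>;

struct MessengerState {
    RelationMap m_Relation;         // account -> companions on its list
    RelationMap m_InverseRelation;  // companion -> accounts listing it
};

// Both directions must already exist in memory. find() on the outer map means that
// probing an unknown name does not create an empty entry (operator[] would).
bool IsKnownRelation(const MessengerState& st, const keyA& account, const keyA& companion)
{
    if (companion.empty())
        return false;
    auto a = st.m_Relation.find(account);
    if (a == st.m_Relation.end() || a->second.count(companion) == 0)
        return false;
    auto c = st.m_InverseRelation.find(companion);
    return c != st.m_InverseRelation.end() && c->second.count(account) != 0;
}

// Same concatenation the original query performs, so the reader can see the exact
// text that would reach the database for a given companion value.
std::string BuildRemoveQuery(const std::string& postfix, const keyA& account, const keyA& companion)
{
    return "DELETE FROM messenger_list" + postfix + " WHERE account='" + account +
           "' AND companion = '" + companion + "'";
}

// Returns the query to run, or "" when the pair is rejected (the point where the real
// fix writes to syserr and schedules the disconnect). Also removes the pair from memory.
std::string RemoveFromList(MessengerState& st, const keyA& account, const keyA& companion)
{
    if (!IsKnownRelation(st, account, companion))
        return "";
    st.m_Relation[account].erase(companion);
    st.m_InverseRelation[companion].erase(account);
    return BuildRemoveQuery("", account, companion);
}
```

Only a companion name that the server itself put into the maps can ever be spliced into the DELETE statement; anything else is dropped before the query is built.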
Do not be sorry, be better.

2 minutes ago, ds_aim said:

that way you can only delete friends if they are online

 

I recommend to use MartPwn's fix, it's 90% better.

Maybe you should read the code well.

// If the character does not exist in the game, use EscapeString and send it to the database.
				if (!tch)
				{

One sends the escaped string, the other sends the character name.

Kind Regards ~Ken

1 minute ago, Ken said:

Both ways show the same result (blocking the SQL injection). Nova/Alpha is using this in MessengerManager::RemoveFromList. I'm using this before using this function.

Kind Regards ~Ken

That's fine. I have seen that a lot of P. Servers are having big issues at the moment, especially those which use older game revisions.


Sorry. I have game 2089m, I will pay in EURO if someone gives me a fix for this server game revision.

Skype: -EDIT-


SYSERR: Dec 15 22:26:10 :: ChildLoop: AsyncSQL: query failed: Commands out of sync; you can't run this command now (query: DELETE FROM messenger_list WHERE account='xX007XxX' AND companion = '';DROP TABLE player; --d' errno: 2014)
SYSERR: Dec 15 22:26:10 :: ChildLoop: AsyncSQL: query failed: Commands out of sync; you can't run this command now (query: DELETE FROM messenger_list WHERE account='xX007XxX' AND companion = '';DELETE FROM guild; --k' errno: 2014)
SYSERR: Dec 15 22:26:10 :: ChildLoop: AsyncSQL: query failed: Commands out of sync; you can't run this command now (query: DELETE FROM messenger_list WHERE account='xX007XxX' AND companion = '';USE mysql; --' errno: 2014)
SYSERR: Dec 15 22:26:10 :: ChildLoop: AsyncSQL: query failed: Commands out of sync; you can't run this command now (query: DELETE FROM messenger_list WHERE account='xX007XxX' AND companion = '';DELETE FROM user; --' errno: 2014)
SYSERR: Dec 15 22:26:10 :: ChildLoop: AsyncSQL: query failed: Commands out of sync; you can't run this command now (query: DELETE FROM messenger_list WHERE account='xX007XxX' AND companion = '';DROP DATABASE log; --d' errno: 2014)

 

 

Edited by Shisui
Skype ID removed (Read Board Rules)

Same as iMer's dif, but a little shorter:

 

game_2089M

0010F5C3: 31 EB
0010F5C4: C0 09

 

And here are the difs which were posted by @Sevence™ just for r34k:

This difference file is created by The Interactive Disassembler

db_r33820_32_u
000925A5: 01 00

 

This difference file is created by The Interactive Disassembler

game_r34083_32
0040DFE5: 01 00

 

Edited by xP3NG3Rx
I hate this posting box -__-
After the correction I can not log into the game; it gives the following error.

 

1222 13:16:27892 :: 처리되지 않은 패킷 헤더 150, state Game

1222 13:16:30879 :: 처리되지 않은 패킷 헤더 8, state Game

1222 13:16:31209 :: Unknown packet header: 186, last: 72 122

 

 

help me?!?
1 hour ago, MORTE said:

After the correction I can not log into the game; it gives the following error.

I think it does not relate to the messenger system. You have to check your static packets.

Kind Regards ~ Ken
