Ken Posted December 15, 2015

Second fix - Description (Totally fix)

Even if you don't use escape string for the companion, the function will search companion and account in the maps. If the result is not positive, the function will stop itself and write a log in syserr.

Search this in messenger_manager.cpp

	void MessengerManager::RemoveFromList(MessengerManager::keyA account, MessengerManager::keyA companion)

Replace with this

	void MessengerManager::RemoveFromList(MessengerManager::keyA account, MessengerManager::keyA companion)
	{
		if (companion.empty())
			return;

		// Second fix: the companion must already be a known relation of this account in the
		// in-memory maps; anything else is rejected before the SQL query is ever built.
		// (operator[] on a std::map inserts an empty entry for an unknown key; harmless for
		// the check, but a find() on the outer map would avoid the extra entry.)
		if (m_Relation[account].find(companion) == m_Relation[account].end() ||
			m_InverseRelation[companion].find(account) == m_InverseRelation[companion].end())
		{
			LPCHARACTER ch = CHARACTER_MANAGER::Instance().FindPC(account.c_str());
			if (ch)
			{
				sys_err("MessengerManager::RemoveFromList: %s tries to use messenger sql injection", ch->GetName());
				if (ch->GetDesc())
					ch->GetDesc()->DelayedDisconnect(3);
			}
			else
				sys_err("MessengerManager::RemoveFromList: Omg! The ghost tried to use this function!");

			return;
		}

		sys_log(1, "MessengerManager::RemoveFromList: Remove %s %s", account.c_str(), companion.c_str());
		DBManager::instance().Query("DELETE FROM messenger_list%s WHERE account='%s' AND companion = '%s'", get_table_postfix(), account.c_str(), companion.c_str());
		__RemoveFromList(account, companion);

		TPacketGGMessenger p2ppck;
		p2ppck.bHeader = HEADER_GG_MESSENGER_REMOVE;
		strlcpy(p2ppck.szAccount, account.c_str(), sizeof(p2ppck.szAccount));
		strlcpy(p2ppck.szCompanion, companion.c_str(), sizeof(p2ppck.szCompanion));
		P2P_MANAGER::instance().Send(&p2ppck, sizeof(TPacketGGMessenger));
	}

If you want to ban whoever tries to use this SQL injection, here is a code for you.
	void MessengerManager::RemoveFromList(MessengerManager::keyA account, MessengerManager::keyA companion)
	{
		if (companion.empty())
			return;

		// Second fix: same relation check as above, but an unknown companion also bans the account.
		if (m_Relation[account].find(companion) == m_Relation[account].end() ||
			m_InverseRelation[companion].find(account) == m_InverseRelation[companion].end())
		{
			LPCHARACTER ch = CHARACTER_MANAGER::Instance().FindPC(account.c_str());
			if (ch)
			{
				sys_err("MessengerManager::RemoveFromList: %s tries to use messenger sql injection", ch->GetName());
				// Ban by account id (a number, so no string is formatted into this query).
				DBManager::Instance().DirectQuery("UPDATE account.account SET status = 'BAN' WHERE id = %u", ch->GetAID());
				if (ch->GetDesc())
					ch->GetDesc()->DelayedDisconnect(3);
			}
			else
				sys_err("MessengerManager::RemoveFromList: Omg! The ghost tried to use this function!");

			return;
		}

		sys_log(1, "MessengerManager::RemoveFromList: Remove %s %s", account.c_str(), companion.c_str());
		DBManager::instance().Query("DELETE FROM messenger_list%s WHERE account='%s' AND companion = '%s'", get_table_postfix(), account.c_str(), companion.c_str());
		__RemoveFromList(account, companion);

		TPacketGGMessenger p2ppck;
		p2ppck.bHeader = HEADER_GG_MESSENGER_REMOVE;
		strlcpy(p2ppck.szAccount, account.c_str(), sizeof(p2ppck.szAccount));
		strlcpy(p2ppck.szCompanion, companion.c_str(), sizeof(p2ppck.szCompanion));
		P2P_MANAGER::instance().Send(&p2ppck, sizeof(TPacketGGMessenger));
	}

Do not be sorry, be better.
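An added example, written for this thread and not taken from Ken's post or the Metin2 source: a stand-alone model of the relation check, with assumed names (RelationBook, removeFromList, knows), showing how the in-memory lookup keeps an unexpected companion string from ever reaching the DELETE statement, and how a find() on the outer map avoids the empty entries that operator[] inserts. It builds the same printf-style query as the server so the protected string is visible in the result.

```cpp
// Added example (not the Metin2 source): a stand-alone model of the check Ken's
// second fix performs, so the behaviour can be exercised without the game server.
// Names (RelationBook, removeFromList, knows) are assumed for this example.
#include <map>
#include <set>
#include <string>
#include <cstdio>

// In-memory friend relations, keyed like the server's m_Relation / m_InverseRelation:
// relation[account] = set of companions, inverse[companion] = set of accounts.
struct RelationBook {
    std::map<std::string, std::set<std::string>> relation;
    std::map<std::string, std::set<std::string>> inverse;

    void add(const std::string& account, const std::string& companion) {
        relation[account].insert(companion);
        inverse[companion].insert(account);
    }

    // True only when both directions already know the pair. Uses find() on the
    // outer maps so an unknown key is not inserted as a side effect (operator[] would).
    bool knows(const std::string& account, const std::string& companion) const {
        auto r = relation.find(account);
        if (r == relation.end() || r->second.find(companion) == r->second.end())
            return false;
        auto i = inverse.find(companion);
        return i != inverse.end() && i->second.find(account) != i->second.end();
    }
};

// Result of a remove request: whether it was accepted, and the SQL the server
// would send (empty when rejected).
struct RemoveResult {
    bool accepted;
    std::string sql;
};

RemoveResult removeFromList(RelationBook& book, const std::string& account,
                            const std::string& companion) {
    if (companion.empty())
        return {false, ""};

    // The allow-list check: a companion string that is not an existing relation
    // never reaches the query, so there is nothing for a crafted value to break out of.
    if (!book.knows(account, companion)) {
        std::fprintf(stderr, "removeFromList: %s tries to use messenger sql injection\n",
                     account.c_str());
        return {false, ""};
    }

    // Same printf-style construction as the original server query.
    char buf[512];
    std::snprintf(buf, sizeof(buf),
                  "DELETE FROM messenger_list WHERE account='%s' AND companion = '%s'",
                  account.c_str(), companion.c_str());

    book.relation[account].erase(companion);
    book.inverse[companion].erase(account);
    return {true, buf};
}

int main() {
    RelationBook book;
    book.add("alice", "bob");   // constructed sample relation
    // Constructed value in the shape of the failed queries quoted later in this thread.
    RemoveResult bad = removeFromList(book, "alice", "';DROP TABLE player; --");
    RemoveResult good = removeFromList(book, "alice", "bob");
    std::printf("%s\n%s\n", bad.accepted ? "accepted" : "rejected", good.sql.c_str());
    return 0;
}
```

The point of the model is that the companion value is validated against server-side state rather than sanitised: a string that is not already a relation is dropped, whatever characters it contains, so the fix does not depend on escaping being applied on every path.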
TAUMP Posted December 15, 2015
Thanks, Ken.

Eigenartig Posted December 15, 2015
thanks dude

ds_aim Posted December 15, 2015
That way you can only delete friends if they are online. I recommend using MartPwn's fix, it's 90% better.

Ken (Author) Posted December 15, 2015
> 2 minutes ago, ds_aim said: That way you can only delete friends if they are online. I recommend using MartPwn's fix, it's 90% better.

Maybe you should read the code well.

	// If the character does not exist in the game, use EscapeString and send to the database.
	if (!tch)
	{

The one sends the escaped string, the other sends the character name.
Kind Regards ~Ken
Do not be sorry, be better.

Sherer Posted December 15, 2015
Both yours and Alpha's fixes are ok, yes?

Ken (Author) Posted December 15, 2015
> Just now, Sherer said: Both yours and Alpha's fixes are ok, yes?

Both ways show the same result (block SQL injection). Nova/Alpha's is using this in MessengerManager::RemoveFromList. I'm using this before using this function.
Kind Regards ~Ken
Do not be sorry, be better.

Sherer Posted December 15, 2015
> 1 minute ago, Ken said: Both ways show the same result (block SQL injection). Nova/Alpha's is using this in MessengerManager::RemoveFromList. I'm using this before using this function. Kind Regards ~Ken

That's fine. I have seen that a lot of P. Servers are having big issues at the moment, especially those which use older game revisions.
DP95 Posted December 15, 2015 (edited)
Sorry. I have game 2089m, I will pay EURO if one man gives me a fix for this server game revision. Skype: -EDIT-

SYSERR:

	SYSERR: Dec 15 22:26:10 :: ChildLoop: AsyncSQL: query failed: Commands out of sync; you can't run this command now (query: DELETE FROM messenger_list WHERE account='xX007XxX' AND companion = '';DROP TABLE player; --d' errno: 2014)
	SYSERR: Dec 15 22:26:10 :: ChildLoop: AsyncSQL: query failed: Commands out of sync; you can't run this command now (query: DELETE FROM messenger_list WHERE account='xX007XxX' AND companion = '';DELETE FROM guild; --k' errno: 2014)
	SYSERR: Dec 15 22:26:10 :: ChildLoop: AsyncSQL: query failed: Commands out of sync; you can't run this command now (query: DELETE FROM messenger_list WHERE account='xX007XxX' AND companion = '';USE mysql; --' errno: 2014)
	SYSERR: Dec 15 22:26:10 :: ChildLoop: AsyncSQL: query failed: Commands out of sync; you can't run this command now (query: DELETE FROM messenger_list WHERE account='xX007XxX' AND companion = '';DELETE FROM user; --' errno: 2014)
	SYSERR: Dec 15 22:26:10 :: ChildLoop: AsyncSQL: query failed: Commands out of sync; you can't run this command now (query: DELETE FROM messenger_list WHERE account='xX007XxX' AND companion = '';DROP DATABASE log; --d' errno: 2014)

Edited December 16, 2015 by Shisui: Skype ID removed (Read Board Rules)
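The syserr lines DP95 posted are a usable detection signal for operators who have not yet patched: every one of them is a failed "AsyncSQL" query whose text contains a second statement after a ';' and a trailing '--' comment. The following is an added example, not code from this thread or from the Metin2 source, of a small syserr scanner that pulls the query out of such lines and flags that shape; the function names (extractFailedQuery, looksLikeStackedInjection, flaggedAccounts, sampleSyserr) and the sample lines are constructed for it.

```cpp
// Added example (not from the thread or the Metin2 source): a syserr scanner that
// flags "AsyncSQL: query failed" lines whose query carries a stacked statement or a
// comment marker, which is the footprint of the messenger_list injection above.
#include <string>
#include <vector>
#include <cstddef>
#include <cctype>
#include <cstdio>

// Pull the SQL text out of a line of the form
//   "... query failed: <reason> (query: <sql> errno: <n>)"
// Returns an empty string when the line is not a failed-query line.
std::string extractFailedQuery(const std::string& line) {
    const std::string marker = "(query: ";
    std::size_t start = line.find(marker);
    if (line.find("query failed") == std::string::npos || start == std::string::npos)
        return "";
    start += marker.size();
    std::size_t end = line.rfind(" errno: ");
    if (end == std::string::npos || end < start)
        return "";
    return line.substr(start, end - start);
}

static std::string upper(std::string s) {
    for (char& c : s) c = static_cast<char>(std::toupper(static_cast<unsigned char>(c)));
    return s;
}

// Heuristic: the server's DELETE is a single statement. A ';' followed by another
// SQL keyword, or a '--' comment, means the value formatted into the string closed
// the statement early. (A legitimate name containing "--" would also be flagged.)
bool looksLikeStackedInjection(const std::string& sql) {
    static const char* keywords[] = {"DROP", "DELETE", "UPDATE", "INSERT", "USE",
                                     "SELECT", "ALTER", "TRUNCATE", "GRANT"};
    std::string u = upper(sql);
    std::size_t semi = u.find(';');
    while (semi != std::string::npos) {
        std::size_t p = semi + 1;
        while (p < u.size() && std::isspace(static_cast<unsigned char>(u[p]))) ++p;
        for (const char* kw : keywords)
            if (u.compare(p, std::string(kw).size(), kw) == 0)
                return true;
        semi = u.find(';', semi + 1);
    }
    return u.find("--") != std::string::npos;
}

// Scan a syserr and return the account names found in flagged lines, in order.
std::vector<std::string> flaggedAccounts(const std::vector<std::string>& lines) {
    std::vector<std::string> out;
    for (const std::string& line : lines) {
        std::string sql = extractFailedQuery(line);
        if (sql.empty() || !looksLikeStackedInjection(sql))
            continue;
        std::size_t a = sql.find("account='");
        if (a == std::string::npos) { out.push_back("?"); continue; }
        a += 9;  // length of "account='"
        std::size_t b = sql.find('\'', a);
        out.push_back(sql.substr(a, b == std::string::npos ? std::string::npos : b - a));
    }
    return out;
}

// Constructed sample syserr in the shape of the lines quoted in this thread:
// two injection attempts, one ordinary failed query, one unrelated line.
std::vector<std::string> sampleSyserr() {
    return {
        "SYSERR: Dec 15 22:26:10 :: ChildLoop: AsyncSQL: query failed: Commands out of sync; you can't run this command now (query: DELETE FROM messenger_list WHERE account='xX007XxX' AND companion = '';DROP TABLE player; --d' errno: 2014)",
        "SYSERR: Dec 15 22:26:11 :: ChildLoop: AsyncSQL: query failed: Table 'player.nothing' doesn't exist (query: SELECT 1 FROM nothing errno: 1146)",
        "SYSERR: Dec 15 22:26:12 :: ChildLoop: AsyncSQL: query failed: Commands out of sync; you can't run this command now (query: DELETE FROM messenger_list WHERE account='xX007XxX' AND companion = '';USE mysql; --' errno: 2014)",
        "SYSERR: Dec 15 22:26:13 :: MessengerManager::RemoveFromList: Remove alice bob"
    };
}

int main() {
    for (const std::string& acc : flaggedAccounts(sampleSyserr()))
        std::printf("flagged account: %s\n", acc.c_str());
    return 0;
}
```

Run it over a real syserr by reading the file into the vector; the account name it reports is the one whose client sent the request, which is what the ban variant of Ken's fix acts on.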
Sevence™ Posted December 16, 2015

	db
	This difference file is created by Bambus3k
	db
	00082F15: 01 00

	game
	This difference file is created by Bambus3k
	game
	002EB6F5: 01 00

DP95 Posted December 16, 2015
God bless you Sevence

dako12 Posted December 18, 2015
vanilla core fix?

iMer Posted December 19, 2015
Dif to kill the function for 2089M (to allow for a transition period)

	game_2089M
	0010F5C3: 31 90
	0010F5C4: C0 90
	0010F5C5: 8B 90
	0010F5C6: 03 90
	0010F5C7: 8B 90
	0010F5C8: 50 90
	0010F5C9: F4 90
	0010F5CA: 85 90
	0010F5CB: D2 90
	0010F5CC: 75 90
	0010F5CD: 22 90

xP3NG3Rx Posted December 19, 2015 (edited)
Same as iMer's dif but a little shorter:

	game_2089M
	0010F5C3: 31 EB
	0010F5C4: C0 09

And here are those difs which were posted by @Sevence™, just for r34k:

	This difference file is created by The Interactive Disassembler
	db_r33820_32_u
	000925A5: 01 00

	This difference file is created by The Interactive Disassembler
	game_r34083_32
	0040DFE5: 01 00

Edited December 19, 2015 by xP3NG3Rx: I hate this posting box -__-
DeYaN. Posted December 19, 2015
Someone changed my player table today, and I don't understand who. Nothing in history. I didn't apply this tutorial, because here it is messenger_list and guild, my problem is in player. Can it be the same problem in my case?

NoFr1ends Posted December 19, 2015
With this bug you can execute EVERY SQL query, so yes, sure.

Cyclone_DE Posted December 19, 2015
Good Guy Ken!

niks90 Posted December 19, 2015
Does it work on gameforge servers? XD

DeYaN. Posted December 20, 2015
And... before this happened I had lag accessing the database and the server crashed... is this normal?
MORTE Posted December 22, 2015
After the correction I cannot log into the game, it gives the following error.

	1222 13:16:27892 :: 처리되지 않은 패킷 헤더 150, state Game
	1222 13:16:30879 :: 처리되지 않은 패킷 헤더 8, state Game
	1222 13:16:31209 :: Unknown packet header: 186, last: 72 122

help me?!?

Ken (Author) Posted December 22, 2015
> 1 hour ago, MORTE said: After the correction I cannot log into the game, it gives the following error. 1222 13:16:27892 :: 처리되지 않은 패킷 헤더 150, state Game 1222 13:16:30879 :: 처리되지 않은 패킷 헤더 8, state Game 1222 13:16:31209 :: Unknown packet header: 186, last: 72 122 help me?!?

I think it does not relate to the messenger system. You have to check your static packets.
Kind Regards ~ Ken
Do not be sorry, be better.
loyein Posted January 2, 2016
Useful, thanks.

BeHappy4Ever Posted January 22, 2016
http://pastebin.com/FN1nUveZ
Any suggestions? :/

Denis Posted January 22, 2016
> 7 hours ago, BeHappy4Ever said: http://pastebin.com/FN1nUveZ Any suggestions? :/

	messenger_manager.cpp:251: error: expected unqualified-id before '{' token