
Mysql EXPLOIT


dako12

Question

Hello

Recently I've seen many servers get their databases deleted.

Is this caused by their sites?
Or by the new gamefile?

If I block the MySQL port, connect through SSH, and create an account for the homepage that can only write new accounts, will I be protected?


11 answers to this question


  • 0
  • Moon
56 minutes ago, dako12 said:

If I block the MySQL port, connect through SSH, and create an account for the homepage that can only write new accounts, will I be protected?

This thing is not related to the ports. It's related to the messenger system. The exploit only works when you're trying to remove someone from your friend list. Ymir didn't add protection for this. The leaked source files or Vanilla source have the same vulnerability too. I can't say anything about the older game versions because they probably have the same vulnerability too.

Kind Regards ~ Ken

  • Love 1

Do not be sorry, be better.


  • 0
1 hour ago, Ken said:

This thing is not related to the ports. It's related to the messenger system. The exploit only works when you're trying to remove someone from your friend list. Ymir didn't add protection for this. The leaked source files or Vanilla source have the same vulnerability too. I can't say anything about the older game versions because they probably have the same vulnerability too.

Kind Regards ~ Ken

Thanks, both of you. So we must implement the fix you shared with us to be safe, right?

One more question: if Ymir didn't take care of this, can it be done to official too then, or not? ;P


  • 0
  • Moon
1 minute ago, dako12 said:

Thanks, both of you. So we must implement the fix you shared with us to be safe, right?

One more question: if Ymir didn't take care of this, can it be done to official too then, or not? ;P

They already knew about this problem before (it's just a guess). The server will ban whoever tries to use this SQL injection if you implement my code with a ban query.

Kind Regards ~ Ken

  • Love 1

Do not be sorry, be better.
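
One way to apply the validate-then-ban idea from the post above, as an added example that is not Ken's released fix or the game's source: the friend name from a remove-friend request is checked against an allow-list, a bad name flags the sender for the ban routine, and the delete uses bound parameters. The table and column names, the 24-character limit, the letters-and-digits rule and the `MessengerGuard` type are assumptions.

```cpp
// Added example; table/column names, length limit and ban hook are assumptions.
#include <cctype>
#include <cstdio>
#include <string>
#include <vector>

constexpr std::size_t kMaxNameLen = 24;  // assumed character-name limit

// Allow-list check: short, letters and digits only (assumed naming rule).
bool IsValidCharacterName(const std::string& name) {
    if (name.empty() || name.size() > kMaxNameLen) return false;
    for (unsigned char c : name)
        if (!std::isalnum(c)) return false;
    return true;
}

enum class RemoveResult { kQueued, kRejectedAndFlagged };

struct PreparedDelete {   // statement text plus the values bound to it
    std::string sql;
    std::vector<std::string> params;
};

struct MessengerGuard {
    std::vector<PreparedDelete> queued;  // handed to the DB layer for binding
    std::vector<std::string> flagged;    // senders handed to the ban routine

    // `requester` comes from the authenticated session; `companion` arrives
    // in the client packet and must be treated as untrusted.
    RemoveResult RemoveFriend(const std::string& requester,
                              const std::string& companion) {
        if (!IsValidCharacterName(companion)) {
            flagged.push_back(requester);  // log/ban, never reach the query
            return RemoveResult::kRejectedAndFlagged;
        }
        // Placeholders keep the name out of the SQL text entirely.
        queued.push_back({"DELETE FROM friend_list "
                          "WHERE owner_name = ? AND friend_name = ?",
                          {requester, companion}});
        return RemoveResult::kQueued;
    }
};

int main() {
    MessengerGuard g;
    g.RemoveFriend("Alice", "Bob");       // constructed inputs
    g.RemoveFriend("Mallory", "Eve'--");  // quote in the name: rejected
    std::printf("queued=%zu flagged=%zu\n", g.queued.size(), g.flagged.size());
}
```

A server whose names legitimately contain other characters would widen the allow-list; the bound parameters still keep the value out of the statement text.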


  • 0
Just now, Ken said:

They already knew about this problem before (it's just a guess). The server will ban whoever tries to use this SQL injection if you implement my code with a ban query.

Kind Regards ~ Ken

So they just left it like this for you developers to be troubled, then..

Is it possible to add a lib or fix it with a diff to the 2.4.1 gamefile of Vanilla?
Because of its several bug fixes and stuff, I don't think the leaked source of Vanilla is better than this, or am I wrong?


  • 0
  • Moon
6 minutes ago, dako12 said:

So they just left it like this for you developers to be troubled, then..

Is it possible to add a lib or fix it with a diff to the 2.4.1 gamefile of Vanilla?
Because of its several bug fixes and stuff, I don't think the leaked source of Vanilla is better than this, or am I wrong?

The Vanilla source may have been good in the old days. For now, everyone is using the new (home-made) source files. I can't say that the Vanilla source is better than every source or anything like that. Every source is valuable at the moment. I think there is no diff for Vanilla sources yet.

Kind Regards ~ Ken

Do not be sorry, be better.


  • 0
  • Honorable Member

There is no other way than to switch to your own source and apply the released fix.

Or, if you know IDA, you can try to make a diff. I don't know how IDA works, so I can't help here.

Edit: Also, you can add a prefix to the tables and add the prefix to the configuration; this will prevent the attackers from knowing how the table is named.

  • Love 3

  • 0
  • Premium

This could be an issue with port 15000: if it is not protected, anybody can create an auth server which connects to your db core and log in to any account they want on your server and even delete your databases...
