Welcome!

Join our community of MMO enthusiasts and game developers! By registering, you'll gain access to discussions on the latest developments in MMO server files and collaborate with like-minded individuals. Join us today and unlock the potential of MMO server development!

Join Today!

[Security Update] About hidden GM accounts

Status
Not open for further replies.
Joined
Jan 14, 2007
Messages
509
Reaction score
85
Just wanted to let people know that there are few GM accounts hard-coded into zoneserver. i.e. even when the accounts are not in GMInfo.ini, they will work as a GM account & players can simply register those accounts and use all GM powers.

To find out those GM accounts, Just use a hex editor to open zoneserver.exe and search for a3gm1

You will be able to see some more GM accounts. Simply edit it and rename it to any other word and/or register those accounts yourself so that people can not misuse it.

I checked the same in 202 , 205 , 219 server files and all of these includes the IDs in their ZS. (120 files were not having these entries in ZS)

The GM ids are not the only security glitch in our files, there are many more to check.. I request people to share the info if they get to know about them. As this forum gave you too many ideas and information, atleast return something to it!
 
Goodbye
Member
Joined
Oct 6, 2009
Messages
965
Reaction score
134
nice timing, hahahaha how u got that? random search in 25MB file?
 
Goodbye
Member
Joined
Oct 6, 2009
Messages
965
Reaction score
134
This GM thing is not a bug, it's obviously designed that way. And ZS code clearly checks for these accounts when a gm command is issued.

I haven't dug deep in zs code but my guess is that it serves a purpose which at the moment isn't clear.
 
Joined
Jan 14, 2007
Messages
509
Reaction score
85
This GM thing is not a bug, it's obviously designed that way. And ZS code clearly checks for these accounts when a gm command is issued.

I haven't dug deep in zs code but my guess is that it serves a purpose which at the moment isn't clear.
Obviously it isn't a bug, Its designed that way only.. But for them who don't have info about it and still running a server.. That's a huge bug! :tongue:

You mean there are more vulnerable bugs that can make a server Issue's?
Yes there are more.. but i ain't gonna post it here until i find a solution for those myself.. (As i too own a small server which will be vulnerable if i post)
 
Goodbye
Member
Joined
Oct 6, 2009
Messages
965
Reaction score
134
That's not a bug, only "kachadiya" wouldn't change the password in a live server.
 
Status
Not open for further replies.
Back
Top