SQL Injection on Runnable (creating a ^ color name)

[cheaterastic]

Help me please.

Some of cheater in my Gunz Server is doing an SQL Injection from the Runnable. They can create a Color Character Name like ^2My^3Char^4, and I really believe it is an SQL Injection, some of my Gunz Friends also said.

I have change my MSSQL passwords from 'sa' account and other accounts Login. I am using MSSQL 2008 R2

Please help me, why they are able to Inject?

Does this is because of Windows Authentication with no UserName and Password needed?

Please help, they are able to SQL Inject, and they can have color name, only few knows it, almost 5 characters, but if this won't stop, then OMG, this will be bigger. Please help.

I am using Gregon13's Modified Source (CTF + Anti-Lead + DamageCounter + Fixes)

[MentaL]

[ClGames]

try this: http://forum.ragezone.com/f245/sql-exploit-fix-896452/

[Wish Q]

make sure your website isn't injected able. if it is then they can do into your database and change names i think.

[a1tl4]

StrStrI or strstr does the work for you.

[cheaterastic]

Thanks for reply Guys BUT.....

try this: http://forum.ragezone.com/f245/sql-exploit-fix-896452/

That's refer to LOGIN screen. Not on character making.
And I have already activated that / apply it on my source T_T.....

make sure your website isn't injected able. if it is then they can do into your database and change names i think.

Yes. It is not inject able. My website is cannot be SQL Inject. It is on Runnable, I've followed two of Hack/Cheat Color Name, and they said that it is about on Runnable, they are able to create with Color Name and it is about SQL Injection to Runnable.


I know some one expert here can help, please help on SQL Injection on Runnable.
Or please I want to clear up my mind if there is a Hack/DLL that can be used on Runnable / Gregon13's new released / Gunz 1.5. Any ANTI HACK?

1 more thing, they are able to crash my server.

[ngskRabbit]

They can create a Color Character Name like ^2My^3Char^4,

Any problems with it?
They can use more characters for name. Nice to have unique names.
It's great feature for your server.

they are able to crash my server.

Close your MatchServer port (default is TCP 6000). Now server become very safety.

[wesman2232]

Any problems with it?
They can use more characters for name. Nice to have unique names.
It's great feature for your server.

Maybe he wants his users to donate for a special name?

[sahar042]

Thanks for reply Guys BUT.....

That's refer to LOGIN screen. Not on character making.
And I have already activated that / apply it on my source T_T.....

Yes. It is not inject able. My website is cannot be SQL Inject. It is on Runnable, I've followed two of Hack/Cheat Color Name, and they said that it is about on Runnable, they are able to create with Color Name and it is about SQL Injection to Runnable.


I know some one expert here can help, please help on SQL Injection on Runnable.
Or please I want to clear up my mind if there is a Hack/DLL that can be used on Runnable / Gregon13's new released / Gunz 1.5. Any ANTI HACK?

1 more thing, they are able to crash my server.

You want to block it? you need to pay, no one going to help you here for free.
Get developer like everyone.

[Ronny786]

Instead of trying above shits , you can block ^ this function in source or simply block it in database. -___-

[cheaterastic]

Instead of trying above shits , you can block ^ this function in source or simply block it in database. -___-

Thanks for idea, I will try studying about Character Creation disallowing ^ character.

You want to block it? you need to pay, no one going to help you here for free.
Get developer like everyone.

Don't be mad bro. This is FORUM, you are a bad influence! Just shut up, and do your job, go find people to pay for you, money hungry.

[Solaire]

MMatchServer::OnRequestCreateChar()

if (strstr(szCharName, "^")) {
return;
}

/thread