Removed
Removed
Last edited by Gunblade; 14-06-13 at 10:13 PM.
ty, this help full,
i'm add this right now !!
No... This is not the only way to do it i have alot of more places i patched it on my server.
And you need to do it here:
void MMatchServer::OnRequestDeleteChar(const MUID& uidPlayer, const int nCharIndex, const char* szCharName)
You don't have to patch it there.Originally Posted by sahar042
I did it in this place and it's working for me (I checked it).
I'm not even going to argue with you, have a nice day sir.
Oh right i checked it it's better to do it on this place, i will replace all the places i patched to this one thank you sir. And i gave it to Max this exploit to block it and have more then 1.
Last edited by sahar042; 22-12-12 at 08:52 PM.
I've seen that both sides works xD !
thanks gunblade u are the best!
Checking for ' only would suffice. Also, deleteclan, createcharacter, etc.
why are there so many exploits in MMatchDBMgr?
Is it possible to inject using Create Clan xD ... I've never tried this O.o
and to patch Create Clan and Deleteclan sql inject fix patch have?
( GunZ July 21 2008)
To finish what Gunblade was going to say:
It honestly doesn't matter, as long as it doesn't execute the query. Putting it in OnRequestDeleteChar is a bit more effecient, since it doesn't have to go through everything up till the function that executes the query. But other than that, no difference.
(Hint, there's like 2(??) functions that get called to execute a query. Fix it in them.) --Edit, I may be thinking of a different game. If I'm mistaken, excuse this.
I'm still baffled why you all are still messing with GunZ. You have RealSpace 1 & 2, Mint, RealSound (and FMOD) and CML, why doesn't everyone just work together on a new GunZ-style game? Lol, couldn't even finish that without laughing.
Oh, the irony.
PenguinGuy, Money dominates and not everyone have time :)
Yeah, that's obviously the reason, not the lack of knowledge.
But we are on Ragezone, knowledge and talent is everywhere the eye can see.
@thread thanks for the fix
SQL Inject fix ? Patch?
he means its not only deletecharacter.
More would have to protect the clan close?
Ironic? .... What? I'm basically saying go make a game in its nature, as an example is Medal of Honor (newer ones) and BattleField BC 2. They each have their own different aspect, yet aiming on the same genre and fighting style. It's actually a terrible example, but one that should suffice.... Hopefully.
@Wucas, knowledge is everywhere. Except here.
So why are you not making it?
The irony of someone in this GunZ community being able to even strip GunZ from the Realspace engine.
Because MMatchDBMgr is one of the classes (if not the only one) that works directly with the database, and it lacks basic integrity checks (like strip strings of ' ).
Reply With Quote