Hi,
Well I've been through this stage where people said about ;flagme being some sort of exploit or a way to allow packets into your retro.
What does this so called "exploit" do?
Thanks for explaining.
Hi,
Well I've been through this stage where people said about ;flagme being some sort of exploit or a way to allow packets into your retro.
What does this so called "exploit" do?
Thanks for explaining.
It's never come to my attention that flagme could be an exploit. Anyway, an exploit is a piece of data that can be used to take advantage over a vulnerability (in that case, in your hotel), whether is a bad written code or a field that can be injected to act the way it wasn't meant to be.Originally Posted by RickyMeekle123
Hmm,
Alright thanks.
Can be used as an 'exploit' in Phoenix versions 3.7 and below. Not direct inject or packet editing, but more tricking someone and then hijacking their rooms and items.
So if you stick with a newer version of Phoenix or with a good edit, such as Gold Tree, you're golden
With some emulators they do not have proper validation to check if the username has been taken, so some people will send a packet through to change their name to an already taken name.
Ways to prevent this?
- Username field in the database should be unique.
- Proper validation on the packet used to change a username.
Very solid answer, the first one seems to be the most straightforward for a beginner
Yeah, so does that mean the release of shamike's Gold Tree Emulator edit is secure for flagme?
(http://forum.ragezone.com/f353/gold-...dited-1039245/)
Test it yourself. Make a second account, type flag me and see if you can make the name the same as yours or another characters.
No I can't. I just don't trust the packet way of changing your username into someone elses.
Reply With Quote