Hi,
Well I've been through this stage where people said about ;flagme being some sort of exploit or a way to allow packets into your retro.
What does this so called "exploit" do?
Thanks for explaining.
Printable View
Hi,
Well I've been through this stage where people said about ;flagme being some sort of exploit or a way to allow packets into your retro.
What does this so called "exploit" do?
Thanks for explaining.
It's never come to my attention that flagme could be an exploit. Anyway, an exploit is a piece of data that can be used to take advantage over a vulnerability (in that case, in your hotel), whether is a bad written code or a field that can be injected to act the way it wasn't meant to be.Quote:
Originally Posted by RickyMeekle123
Hmm,
Alright thanks.
Can be used as an 'exploit' in Phoenix versions 3.7 and below. Not direct inject or packet editing, but more tricking someone and then hijacking their rooms and items.
So if you stick with a newer version of Phoenix or with a good edit, such as Gold Tree, you're golden :thumbup:Quote:
Originally Posted by FatalLulz
With some emulators they do not have proper validation to check if the username has been taken, so some people will send a packet through to change their name to an already taken name.
Ways to prevent this?
- Username field in the database should be unique.
- Proper validation on the packet used to change a username.
Very solid answer, the first one seems to be the most straightforward for a beginnerQuote:
Originally Posted by Sledmore
Yeah, so does that mean the release of shamike's Gold Tree Emulator edit is secure for flagme?
(http://forum.ragezone.com/f353/gold-...dited-1039245/)
Test it yourself. Make a second account, type flag me and see if you can make the name the same as yours or another characters.Quote:
Originally Posted by RickyMeekle123
No I can't. I just don't trust the packet way of changing your username into someone elses.