SQL Injection on Runnable (creating a ^ color name)
Help me please.
Some cheaters on my Gunz server are doing an SQL injection from the Runnable. They can create a color character name like ^2My^3Char^4, and I really believe it is an SQL injection; some of my Gunz friends also said so.
I have changed my MSSQL passwords for the 'sa' account and the other account logins. I am using MSSQL 2008 R2.
Please help me, why are they able to inject?
Is this because of Windows Authentication with no username and password needed?
Please help, they are able to SQL inject, and they can have a color name. Only a few know it, almost 5 characters, but if this doesn't stop, then OMG, this will get bigger. Please help.
I am using Gregon13's Modified Source (CTF + Anti-Lead + DamageCounter + Fixes)
Re: SQL Injection on Runnable (creating a ^ color name)
Make sure your website isn't injectable. If it is, then they can go into your database and change names, I think.
Re: SQL Injection on Runnable (creating a ^ color name)
StrStrI or strstr does the work for you.
Re: SQL Injection on Runnable (creating a ^ color name)
Thanks for the replies, guys, BUT.....
Quote: Originally Posted by ClGames
That refers to the LOGIN screen, not to character making.
And I have already activated / applied it in my source T_T.....
Quote: Originally Posted by Wish Q
Make sure your website isn't injectable. If it is, then they can go into your database and change names, I think.
Yes. It is not injectable. My website cannot be SQL injected. It is on the Runnable. I've followed two of the hack/cheat color names, and they said that it is about the Runnable: they are able to create characters with a color name, and it is about SQL injection into the Runnable.
I know someone expert here can help; please help with the SQL injection on the Runnable.
Or please, I want to clear up my mind: is there a hack/DLL that can be used on the Runnable / Gregon13's new release / Gunz 1.5? Any ANTI HACK?
One more thing: they are able to crash my server.
Re: SQL Injection on Runnable (creating a ^ color name)
Quote: Originally Posted by cheaterastic
They can create a color character name like ^2My^3Char^4,
Any problems with it?
They can use more characters for the name. Nice to have unique names.
It's a great feature for your server.
Quote: Originally Posted by cheaterastic
they are able to crash my server.
Close your MatchServer port (default is TCP 6000). Now the server becomes very safe.
Re: SQL Injection on Runnable (creating a ^ color name)
Quote: Originally Posted by ngskRabbit
Any problems with it?
They can use more characters for the name. Nice to have unique names.
It's a great feature for your server.
Maybe he wants his users to donate for a special name?
Re: SQL Injection on Runnable (creating a ^ color name)
Quote: Originally Posted by cheaterastic
Thanks for the replies, guys, BUT.....
That refers to the LOGIN screen, not to character making.
And I have already activated / applied it in my source T_T.....
Yes. It is not injectable. My website cannot be SQL injected. It is on the Runnable. I've followed two of the hack/cheat color names, and they said that it is about the Runnable: they are able to create characters with a color name, and it is about SQL injection into the Runnable.
I know someone expert here can help; please help with the SQL injection on the Runnable.
Or please, I want to clear up my mind: is there a hack/DLL that can be used on the Runnable / Gregon13's new release / Gunz 1.5? Any ANTI HACK?
One more thing: they are able to crash my server.
You want to block it? You need to pay; no one is going to help you here for free.
Get a developer like everyone else.
Re: SQL Injection on Runnable (creating a ^ color name)
Instead of trying the above shit, you can block this ^ function in the source or simply block it in the database. -___-
Re: SQL Injection on Runnable (creating a ^ color name)
Quote: Originally Posted by Ronny786
Instead of trying the above shit, you can block this ^ function in the source or simply block it in the database. -___-
Thanks for the idea, I will try studying character creation that disallows the ^ character.
Quote: Originally Posted by sahar042
You want to block it? You need to pay; no one is going to help you here for free.
Get a developer like everyone else.
Don't be mad, bro. This is a FORUM, you are a bad influence! Just shut up and do your job; go find people to pay for you, money hungry.
Re: SQL Injection on Runnable (creating a ^ color name)
// In MMatchServer::OnRequestCreateChar():
// refuse the request if the name contains the ^ color-code character
if (strstr(szCharName, "^")) {
    return;
}
/thread
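
Added example (not part of the thread and not taken from the Gunz source): the strstr check from the last post turned into a server-side allow-list, so a name is refused unless every byte is an expected one, which covers ^ color codes as well as quotes and control bytes. The function name CheckCharName, the length limits and the allowed character set are assumptions; the inputs in main are constructed.

```cpp
#include <cstddef>
#include <cstdio>
#include <cstring>

// Assumed limits for illustration; match them to the client UI and the DB column.
constexpr std::size_t kMinNameLen = 3;
constexpr std::size_t kMaxNameLen = 12;

enum class NameCheck { Ok, NotTerminated, BadLength, BadCharacter };

// Validates the raw name field of a create-character request.
// buf/bufSize describe the bytes as received; a modified client can put
// anything there, including a field with no terminating NUL.
NameCheck CheckCharName(const char* buf, std::size_t bufSize) {
    if (buf == nullptr || bufSize == 0) return NameCheck::NotTerminated;
    const void* nul = std::memchr(buf, '\0', bufSize);
    if (nul == nullptr) return NameCheck::NotTerminated;
    const std::size_t len =
        static_cast<std::size_t>(static_cast<const char*>(nul) - buf);
    if (len < kMinNameLen || len > kMaxNameLen) return NameCheck::BadLength;
    for (std::size_t i = 0; i < len; ++i) {
        const unsigned char c = static_cast<unsigned char>(buf[i]);
        const bool allowed = (c >= 'a' && c <= 'z') || (c >= 'A' && c <= 'Z') ||
                             (c >= '0' && c <= '9') || c == '_';
        // Anything else is refused: '^' color codes, quotes, spaces, control bytes.
        if (!allowed) return NameCheck::BadCharacter;
    }
    return NameCheck::Ok;
}

int main() {
    // Constructed sample fields, each a fixed-size buffer as a packet would carry.
    const char plain[24] = "MyChar_01";
    const char colored[24] = "^2My^3Char^4";
    const char noNul[4] = {'A', 'B', 'C', 'D'};
    std::printf("plain=%d colored=%d noNul=%d\n",
                static_cast<int>(CheckCharName(plain, sizeof plain)),
                static_cast<int>(CheckCharName(colored, sizeof colored)),
                static_cast<int>(CheckCharName(noNul, sizeof noNul)));
    return 0;
}
```

The check has to run in the server's character-creation handler before the name is stored; the same rule in the client alone does nothing against an edited Runnable.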