fix dboor bug in password

[Bazaid]

hello

With this bug you can change the pass for any player you want

go to password.php

and find hexdec

now change the way how the password encode

like change hexdec to bin2hex or base64 or md5 or rand

Note Pleas Don't pm me for the exploit

 

[CROTeam]

have you maybe working decoded password.php ? thx

 

[funmw2]

have you maybe working decoded password.php ? thx

<?php
require( ".".DIRECTORY_SEPARATOR."app".DIRECTORY_SEPARATOR."boot.php" );
require_once( MODEL_PATH."password.php" );
class GPage
{

    public $pageState = -1;
    public $playerId = NULL;

    public function GPage( )
    {
        parent::gamepage( );
        $this->viewFile = "password.phtml";
        $this->contentCssClass = "activate";
    }

    public function load( )
    {
        parent::load( );
        $m = new PasswordModel( );
        if ( $this->isPost( ) && isset( $_POST['id'] ) && isset( $_POST['email'] ) && is_numeric( $_POST['id'] ) )
        {
            $playerId = intval( $_POST['id'] );
            $email = $_POST['email'];
            $this->pageState = $m->isPlayerIdHasEmail( $playerId, $email ) ? 3 : 2;
            if ( $this->pageState == 3 )
            {
                $name = $m->getPlayerName( $playerId );
                $newPassword = substr( md5( dechex( $playerId * mt_rand( 10, 100 ) ) ), mt_rand( 1, 5 ), 7 );
                $n = dechex( hexdec( $newPassword ) ^ hexdec( substr( md5( $name ), 2, 7 ) ) );
                $link = WebHelper::getbaseurl( )."password.php?id=".$playerId."&n=".$n."&c=".substr( md5( dechex( $playerId ).$name."777" ), 7, 7 );
                $to = $email;
                $from = $this->appConfig['system']['email'];
                $subject = forget_password_subject;
                $message = sprintf( forget_password_body, $name, $name, $newPassword, $link, $link );
                WebHelper::sendmail( $to, $from, $subject, $message );
            }
        }
        else if ( isset( $_GET['id'] ) && is_numeric( $_GET['id'] ) )
        {
            $this->playerId = intval( $_GET['id'] );
            $this->pageState = $m->isPlayerIdExists( $this->playerId ) ? 1 : 0 - 1;
            if ( isset( $_GET['n'] ) && trim( $_GET['n'] ) != "" && isset( $_GET['c'] ) )
            {
                if ( $this->pageState == 1 )
                {
                    $name = $m->getPlayerName( $this->playerId );
                    if ( trim( $_GET['c'] ) == substr( md5( dechex( $this->playerId ).$name."777" ), 7, 7 ) )
                    {
                        $newPassword = dechex( hexdec( $_GET['n'] ) ^ hexdec( substr( md5( $name ), 2, 7 ) ) );
                        $m->setPlayerPassword( $this->playerId, $newPassword );
                        $this->pageState = 4;
                    }
                    else
                    {
                        $this->pageState = 5;
                    }
                }
                else
                {
                    $this->pageState = 5;
                }
            }
        }
        $m->dispose( );
    }

}

$p = new GPage( );
$p->run( );
?>

+ dboor have more bugs
like u can get 9999999999999 troops
and there more bugs u don't know it
but to fix it
need : queuejob.php + queue.php + bulid.php
to fix it .

 

[Bazaid]

have you maybe working decoded password.php ? thx

my decode

You must be registered to see links

 

[NarcisRO]

duck all dboor projects!!

 

[nmilchev]

If you work hard on dboor you can fix almost every thing

 

[Bazaid]

duck all dboor projects!!

yes FUUUUU*** Dboor project :

 

[Eyas95]

+ dboor have more bugs
like u can get 9999999999999 troops
and there more bugs u don't know it
but to fix it
need : queuejob.php + queue.php + bulid.php
to fix it .

funmw2, Can you PM me with how to do the 999999999999 troops. I have been trying to fix it on my server, but a player keeps doing it, and i dont know how to do it, to be able to fix it. So i had to stop my server for maintenance.

Thanks

 

[TekaoX]

I'm interested too

 

[nmilchev]

+ dboor have more bugs
like u can get 9999999999999 troops
and there more bugs u don't know it
but to fix it
need : queuejob.php + queue.php + bulid.php
to fix it .

Here are the queue+queuejob+build

link deleted

 

[Bazaid]

Here are the queue+queuejob+build

View attachment 106822

are you sure it's work ?

i have decode build but have 1 bug
//
unset( $Var_4224[0] );
//

 

[nmilchev]

are you sure it's work ?

i have decode build but have 1 bug
//
unset( $Var_4224[0] );
//

It's work for me so.... Need to work for you too

I have almost all files decoded and fixed such as v2v.php and war.php

If you have any idea how to fix the bug with the 999999999 troops I will send you my files

 

[Bazaid]

It's work for me so.... Need to work for you too

I have almost all files decoded and fixed such as v2v.php and war.php

If you have any idea how to fix the bug with the 999999999 troops I will send you my files

i have war.php decoded 100%
and fix the oasias

 

[nmilchev]

i have war.php decoded 100%
and fix the oasias

I fix the oasis too, but it's not perfect.
If I attack with 1 unit I will get 400 from all resource,
and If I attack again after 10 sec there are again 400 resource from all kind,
So it's not perfect done,

And I'm almost done with all villages overview

Here is one screen