Newbie Spellweaver
- Joined
- Jan 28, 2007
- Messages
- 31
- Reaction score
- 2
Had 20lvl walls/horses..
Done testing..
As a novice hacker and good PHP developer, I found way too many security issues.
I added gold, troops, buildings to my city easily (by just knowing HTML and using logic), then I found SQL-injection exploitable files (many) and obtained all database data (including the admin password, which I used to log in to the admin panel).
The script is written poorly, making performance leaks and longer compiling times, doing many useless jobs and using almost no caching at all. No offence, I wish you luck in PHP learning and fulfilling the script.
I will PM the exploits to cata7007.
I can, but I have my own things to make. TravianZ developers will fix it.
Can you fix it?
Just insert first line at tpl file in folder Admin Templates and php file in folder Admin Mod
Done testing..
As a novice hacker and (almost) good PHP developer, I found way too many security issues.
I added gold, troops, buildings to my city easily (by just knowing HTML and using logic), then I found SQL-injection exploitable files (many) and obtained all database data (including the admin password, which I used to log in to the admin panel).
The script is written poorly, making performance leaks and longer compiling times, doing many useless jobs and using almost no caching at all. No offence, I wish you luck in PHP learning and fulfilling the script.
I will PM the exploits to cata7007.
if (!isset($_SESSION)) session_start();
if($_SESSION['access'] < ADMIN) die("Access Denied: You are not Admin!");
$battlepart = $battle->calculateBattle($Attacker,$Defender,$def_wall,$att_tribe,$def_tribe,$residence,$attpop,$defpop,$type,$def_ab,$att_ab1,$att_ab2,$att_ab3,$att_ab4,$att_ab5,$att_ab6,$att_ab7,$att_ab8,$tblevel,$stonemason,$walllevel,0,0,0,$AttackerID,$DefenderID,$AttackerWref,$DefenderWref,$conqureby);
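The two-line session check posted in this thread has to be pasted into every admin template and mod file, so a single missed file stays reachable without the check. As an added example (not code from the thread or from TravianZ), here is the same check as one shared function that fails closed on a missing or malformed value; the `ADMIN` value of 9, the file layout and the function names are assumptions.

```php
<?php
// Added example, not TravianZ code. The 'access' session key and the ADMIN
// constant come from the check posted in the thread; the rest is assumed.
declare(strict_types=1);

if (!defined('ADMIN')) {
    define('ADMIN', 9); // assumed value; the thread does not show the real one
}

// Pure decision function so the rule can be exercised without a live session.
function is_admin_session(array $session): bool
{
    // A missing key or a non-numeric value is treated as "not admin".
    if (!isset($session['access']) || !is_numeric($session['access'])) {
        return false;
    }
    return (int) $session['access'] >= ADMIN;
}

// Call this first in every file under the admin folders, or from the one
// include that all of them already load.
function require_admin(): void
{
    if (session_status() !== PHP_SESSION_ACTIVE) {
        session_start();
    }
    if (!is_admin_session($_SESSION)) {
        http_response_code(403); // answer with a real 403, not a 200 page
        exit('Access Denied: You are not Admin!');
    }
}

// Constructed sample sessions; runs only when this file is executed directly.
if (PHP_SAPI === 'cli' && realpath($argv[0] ?? '') === __FILE__) {
    $samples = [
        'no session data' => [],
        'regular player'  => ['access' => 2],
        'admin (int)'     => ['access' => 9],
        'admin (string)'  => ['access' => '9'],
        'malformed value' => ['access' => 'admin'],
    ];
    foreach ($samples as $label => $session) {
        printf("%-16s => %s\n", $label, is_admin_session($session) ? 'allow' : 'deny');
    }
}
```

Run from the command line, the sample loop prints `deny` for the empty, regular-player and malformed sessions and `allow` for the two admin entries.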