Tutorial rezolvare vulnerabilitate in messenger Metin2 Tipărire

  • 0

Exista o vulnerabilitate in messenger, friend list si creare breasla unde poti executa un code sql ce sterge tabelele din player.

Rezolvarile sunt urmatoarele :

Game 2089

  • Diff game:

002EB6F5: 01 00

  • Diff database:

00082F15: 01 00

Game 34k

  • Diff game:

game_r34083_32
0040DFE5: 01 00

  • Diff database:

db_r33820_32_u
000925A5: 01 00

Game 40k

Cautati fisierul db.cpp, il deschideti iar in el cautati urmatoarea linie :

void DBManager::Query(const char * c_pszFormat, …)

si inlocuiti toata linia cu :

void DBManager::Query(const char * c_pszFormat, …)
{
char szQuery[4096];
va_list args;

va_start(args, c_pszFormat);
vsnprintf(szQuery, sizeof(szQuery), c_pszFormat, args);
va_end(args);
std::string sQuery(szQuery);

m_sql.AsyncQuery(sQuery.substr(0,sQuery.find_first_of(„;”)==-1?sQuery.length(): sQuery.find_first_of(„;”)).c_str());
}

dupa aceea cautati linia :

SQLMsg * DBManager::DirectQuery(const char * c_pszFormat, …)

pe care o inlocuiti cu :

SQLMsg * DBManager::DirectQuery(const char * c_pszFormat, …)
{
char szQuery[4096];
va_list args;
va_start(args, c_pszFormat);
vsnprintf(szQuery, sizeof(szQuery), c_pszFormat, args);
va_end(args);
std::string sQuery(szQuery);
return m_sql_direct.DirectQuery(sQuery.substr(0, sQuery.find_first_of(„;”) == -1 ? sQuery.length() : sQuery.find_first_of(„;”)).c_str());
}


Răspunsul a fost util?

« înapoi

Te muti la noi?

Migrarea catre un nou furnizor de hosting poate fi extrem de complicata .
Fii relaxat si lasa-i expertii nostri sa o faca! Vom muta site-ul existent în 48 de ore, fara intrerupere .
Inclus GRATUIT la achizitionarea oricarui pachet de gazduire .