Exista o vulnerabilitate in messenger, friend list si creare breasla unde poti executa un code sql ce sterge tabelele din player.
Rezolvarile sunt urmatoarele :
Game 2089
- Diff game:
002EB6F5: 01 00
- Diff database:
00082F15: 01 00
Game 34k
- Diff game:
game_r34083_32
0040DFE5: 01 00
- Diff database:
db_r33820_32_u
000925A5: 01 00
Game 40k
Cautati fisierul db.cpp, il deschideti iar in el cautati urmatoarea linie :
void DBManager::Query(const char * c_pszFormat, …)
si inlocuiti toata linia cu :
void DBManager::Query(const char * c_pszFormat, …)
{
char szQuery[4096];
va_list args;va_start(args, c_pszFormat);
vsnprintf(szQuery, sizeof(szQuery), c_pszFormat, args);
va_end(args);
std::string sQuery(szQuery);m_sql.AsyncQuery(sQuery.substr(0,sQuery.find_first_of(„;”)==-1?sQuery.length(): sQuery.find_first_of(„;”)).c_str());
}
dupa aceea cautati linia :
SQLMsg * DBManager::DirectQuery(const char * c_pszFormat, …)
pe care o inlocuiti cu :
SQLMsg * DBManager::DirectQuery(const char * c_pszFormat, …)
{
char szQuery[4096];
va_list args;
va_start(args, c_pszFormat);
vsnprintf(szQuery, sizeof(szQuery), c_pszFormat, args);
va_end(args);
std::string sQuery(szQuery);
return m_sql_direct.DirectQuery(sQuery.substr(0, sQuery.find_first_of(„;”) == -1 ? sQuery.length() : sQuery.find_first_of(„;”)).c_str());
}