PHP Scripts. . . =(
#1
Just so you guys know, the default MS4/MS3.0.3/etc. are all susceptible to malicious PHP scripts.

PHP Code: This scriptlet creates 51 accounts with randomly generated usernames. The password is static simply because I was lazy and this is only for demonstration purposes. It only takes a few seconds for this script to create 500 accounts. Basically, it's not super harmful to gameplay other than taking up one socket, using some bandwidth, and wasting space (but when you can buy 1TB hard drives, the account sizes are negligible). This script is for MS4, but simply change the packet sent to the server and it will work for all versions.

Images:
[spoiler][Image: phpscript1.gif]
[Image: phpscript2.gif][/spoiler]

Have fun.
Reply
#2
I assume this teaches how to take a server out? (At least if you have more than one person doing this at once on different IPs/Computers)
Reply
#3
Wow, so registration through browser is possible?
Reply
#4
Ummm.... I would guess so...
Reply
#5
Change your server to sql based. Then make it only possible to create account from the website, then add a CAPTCHA. Fixed.
Reply
#6
Senseika Wrote: I assume this teaches how to take a server out? (At least if you have more than one person doing this at once on different IPs/Computers)
Sure, a person could easily max out all the sockets on a single script. It wouldn't crash the server, but nobody would be able to connect.

Tony Wrote: Wow, so registration through browser is possible?
[code]
Reply
#7
Dragoons Master Wrote: Change your server to sql based. Then make it only possible to create account from the website, then add a CAPTCHA. Fixed.

You make it sound so easy :\
Reply
#8
Tony Wrote:
Dragoons Master Wrote: Change your server to sql based. Then make it only possible to create account from the website, then add a CAPTCHA. Fixed.

You make it sound so easy :\
My game is already in MySQL, so all I need is to change the registration from the client to the browser.
Reply
#9
So umm, how's it unsafe if you can check if the packet came from your website?
Reply
#10
You could be hardcore and limit the number of accounts created per IP address.
Reply
#11
You could just limit an IP to making only two accounts per day, problem solved.
Or encrypt all the packets.
Reply
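The per-IP cap suggested in posts #10 and #11, as an added example that is not part of the original thread or of the Mirage Source code: a sliding 24-hour limit of two account creations per client address, checked before the account is written. The class name, method names and the in-memory store are assumptions; the sample requests are constructed and use documentation addresses.

```php
<?php
// Added example: per-IP cap on account creation over a sliding window.
// RegistrationLimiter and its methods are hypothetical names; the array store
// stands in for a table in the server's accounts database.
final class RegistrationLimiter
{
    /** @var array<string, int[]> creation timestamps keyed by client bucket */
    private array $seen = [];

    public function __construct(
        private int $maxPerWindow = 2,       // "two accounts per day" from post #11
        private int $windowSeconds = 86400
    ) {}

    // IPv4 is keyed by address; IPv6 by /64, since one host usually owns the whole prefix.
    public static function bucket(string $ip): string
    {
        $packed = @inet_pton($ip);
        if ($packed === false) {
            throw new InvalidArgumentException("not an IP address: $ip");
        }
        return strlen($packed) === 16
            ? inet_ntop(substr($packed, 0, 8) . str_repeat("\0", 8)) . '/64'
            : $ip;
    }

    // Returns true and records the attempt if this client may create an account now.
    public function allow(string $ip, int $now): bool
    {
        $key = self::bucket($ip);
        $cutoff = $now - $this->windowSeconds;
        // Drop timestamps that have aged out of the window.
        $recent = array_values(array_filter(
            $this->seen[$key] ?? [],
            fn (int $t): bool => $t > $cutoff
        ));
        $ok = count($recent) < $this->maxPerWindow;
        if ($ok) { $recent[] = $now; }
        $this->seen[$key] = $recent;
        return $ok;
    }
}

// Constructed sample: create-account requests as [client IP, seconds after start].
$requests = [['203.0.113.7', 0], ['203.0.113.7', 5], ['203.0.113.7', 10],
             ['2001:db8::1', 20], ['2001:db8::2', 25], ['2001:db8::3', 30],
             ['203.0.113.7', 86401]];
$limiter = new RegistrationLimiter();
foreach ($requests as [$ip, $dt]) {
    $verdict = $limiter->allow($ip, 1700000000 + $dt) ? 'create' : 'reject';
    printf("%-12s +%6ds  %s\n", $ip, $dt, $verdict);
}
```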

