Account Dupe Fix
#1
Originally posted by GodSentDeath

Originally Posted By: Jobs

This was made by Danny

On server side
in modServerTCP
in the

Code:
' ::::::::::::::::::::
' :: Login packet ::
' ::::::::::::::::::::

add
[code]
' Prevent Dupeing
For i = 1 To Len(Name)
n = Asc(Mid(Name, i, 1))

If (n >= 65 And n = 97 And n = 48 And n
Reply
#2
Sorry for the Necro, but what does this actually do?
Reply
#3
It only allows certain characters for the person to use in their name. This needs to be done wherever there's an input for character data (guild, password, whatever) because you can easily get Access=4 or whatever you want with something like Name & vbNewLine & Access=4 and so on.
Reply
#4
With default Mirage, and in any game that has not added this fix, you can login with your username and password, for example:

ID: MyName
Pass: 1234

Then you can open the client again and login again, on the same account, by using this:

ID: /MyName
Pass: 1234

Again, and again. Dropping your items on one client, picking them up on another, then logging out with the empty account first. Then logging out on the account with all the items, saving all your duped, ill-gotten items, money, etc.

^_^
Reply
#5
Well I just figured out the admin thing on Labmonkey's game by having the source and sending the guild name packet
Reply
#6
Thanks, I understand now
Reply
#7
Asrrin29 Wrote:If you use MySQL, I don't think any of these injection type attacks would work. But is the account duping still present or does it depend on using ini files?

I have no idea. Give it a try on your game.
Reply
#8
You can SQL inject.

lol, it was reposted by like 4 people.
Reply
#9
[code]' Prevent Dupeing
For i = 1 To Len(Name)
n = Asc(Mid(Name, i, 1))

IfNot (n >= 65 And n = 97 And n = 48 And n
Reply
#10
[quote="Joost"][code]' Prevent Dupeing
For i = 1 To Len(Name)
n = Asc(Mid(Name, i, 1))

IfNot (n >= 65 And n = 97 And n = 48 And n
Reply
#11
Dave Wrote:[Image: bobbytableshq2.png]

LOL


Just out of interest, why DOES putting in certain characters/strings have an effect?
Reply
#12
Dave Wrote:As for the /name thing I think it checks if the account is online before it cleans the string of "bad" characters.

As for the admin = 5 thing,

If you write "Name = " and let the person specify what comes after that... they can make it say, "Dave & VBNewLine & Access = 5"

Then the file will look like this:
Name = Dave
Access = 5

See the problem?

SQL injections are similar.

Can't you just check to see if "VbNewLine" is in the textbox?
Reply
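
The ordering point raised in the thread (clean every client-supplied string before the online check and before anything is written to the account file), as an added example that is not part of any post or of the Mirage source. The allowlist (A-Z, a-z, 0-9), the 20-character limit, and the names IsCleanField, TryLogin and OnlineAccounts are assumptions made for illustration.

```vb
Option Explicit

' Added example; all names here are hypothetical, not Mirage Source's own.
' Constructed stand-in for the server's list of logged-in accounts.
Private OnlineAccounts As New Collection

' True only when Text is 1..MaxLen characters long and every character is
' A-Z, a-z or 0-9 (assumed allowlist). Returns False by default.
Public Function IsCleanField(ByVal Text As String, ByVal MaxLen As Long) As Boolean
    Dim i As Long, n As Long

    If Len(Text) = 0 Or Len(Text) > MaxLen Then Exit Function

    For i = 1 To Len(Text)
        n = AscW(Mid$(Text, i, 1))
        If Not ((n >= 65 And n <= 90) Or (n >= 97 And n <= 122) Or (n >= 48 And n <= 57)) Then
            Exit Function   ' rejects "/", vbCr, vbLf, "=", spaces and so on
        End If
    Next i

    IsCleanField = True
End Function

' Validate first, then run the online check on the validated name, so the
' string that is checked is the same string that is later used as a key.
Public Function TryLogin(ByVal Name As String) As String
    Dim Existing As Variant

    If Not IsCleanField(Name, 20) Then
        TryLogin = "rejected: invalid name"
        Exit Function
    End If

    On Error Resume Next
    Existing = OnlineAccounts.Item(Name)     ' raises an error if not present
    If Err.Number = 0 Then TryLogin = "rejected: already online"
    On Error GoTo 0
    If Len(TryLogin) > 0 Then Exit Function

    OnlineAccounts.Add Name, Name
    TryLogin = "ok"
End Function

' Constructed inputs taken from the cases discussed in the thread.
Public Sub Demo()
    Debug.Print TryLogin("MyName")
    Debug.Print TryLogin("/MyName")
    Debug.Print TryLogin("Dave" & vbNewLine & "Access=5")
    Debug.Print TryLogin("MyName")
End Sub
```

The same IsCleanField call belongs at the top of every handler that stores a client string (guild name, password and so on), as post #3 says.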

