Blockland Forums > Modification Help
Torque Webserver V2
Truce:
--- Quote from: mctwist on January 25, 2011, 10:22:34 AM ---
--- Code: ---<?tqs
quit();
?>
--- End code ---
Still, I doubt that you would do that nor allow anyone else.
--- End quote ---
Considering only people with access to Blockland's folder can create that, I don't see a problem.
mctwist:
--- Quote from: Truce on January 25, 2011, 10:29:04 AM ---Considering only people with access to Blockland's folder can create that, I don't see a problem.
--- End quote ---
That reminds me of the exploit you found in RP Core. Nobody would abuse it unless some serverside script opened it up, which apparently it did for someone.
Truce:
--- Quote from: mctwist on January 25, 2011, 11:09:07 AM ---That reminds me of the exploit you found in RP Core. Nobody would abuse it unless some serverside script opened it up, which apparently it did for someone.
--- End quote ---
So any mod that exports vars to a .cs file and execs it to load them has flawed security, because another add-on can write "quit();" to that .cs file? No, because if that was the case, the add-on appending the code has a problem, not the original. Besides, from Iban's post on the RTB forums, it looked like you didn't need another mod to exploit RP Core, meaning yours had an issue.
Destiny/Zack0Wack0:
--- Quote from: mctwist on January 25, 2011, 10:22:34 AM ---
--- Code: ---<?tqs
quit();
?>
--- End code ---
Still, I doubt that you would do that nor allow anyone else.
--- End quote ---
How is that any different from putting it in a CS file and having something execute it in-game?
mctwist:
--- Quote from: Truce on January 25, 2011, 11:41:07 AM ---Besides, from Iban's post on the RTB forums, it looked like you didn't need another mod to exploit RP Core, meaning yours had an issue.
--- End quote ---
--- Code: ---// Changing a variable
function ChangeRPVariable(%var, %value)
{
// Invalid variable
if (%var $= "")
return false;
// Check for cheats
if (strstr(%var, ";") >= 0 || strstr(%value, ";") >= 0)
return false;
%t = $RP::setting::namei_[%var];
// Variable exist
if (!%t)
return false;
eval("$RP::pref::" @ %var @ " = \"" @ %value @ "\";");
$RP::setting::var[%t] = %value;
RP_PreparePrefList(%t);
//RP_PreparePrefTable();
/}
--- End code ---
This is the code where the exploit was found. Note these lines:
--- Code: ---%t = $RP::setting::namei_[%var];
// Variable exist
if (!%t)
return false;
--- End code ---
So, if I'm throwing in his example in the function:
--- Code: ---ChangeRPVariable("McTwist", "\"@quit()@\"");
--- End code ---
Check variable which is false:
--- Code: ---if ("McTwist" $= "")
return false;
--- End code ---
Continues with next, which is false:
--- Code: ---if (strstr("McTwist", ";") >= 0 || strstr("\"@quit()@\"", ";") >= 0)
return false;
--- End code ---
And now comes the interesting part:
--- Code: ---"" = $RP::setting::namei_["McTwist"];
// Variable exist
if (!"")
return false;
--- End code ---
What will happen there? Someone have to fake that variable to make this work. I admit that the exploit was a really idiotic thing, but still, it cannot be opened from outside.
Also, to clear things up, I heard you were one of the guys that hacked the victims server. Please tell if that information was wrong.
--- Quote from: Destiny/Zack0Wack0 on January 25, 2011, 11:43:58 AM ---How is that any different from putting it in a CS file and having something execute it in-game?
--- End quote ---
Point. I take it back.