Eternal Posted April 11, 2009 Posted April 11, 2009 As from what some of you have found out anyone can take over your game in a matter of seconds no matter how you escape sql strings and protect it. I won't disclose the exact format on this but i will say alterting http headers to change X_Forwarded_for to "0.0.0.0',string='input of database feild" will just alter anything in the table your using to monitor ip's Changing X_Forwarded_for to getenv("REMOTE_ADDR") Will display the users correct ip rather than letting someone altering it. I know this isn't a mod but it is an alter of the mccode scripting so i would suggest doing the change before someone targets you next. Just altering tables isn't the only thing you can do.. So beware Quote
Guest Anonymous Posted April 11, 2009 Posted April 11, 2009 Re: Website exploitation This security threat was posted the other day (and the easy solution to fix it), even though it was already well known. http://criminalexistence.com/ceforums/i ... ic=28463.0 Quote
Eternal Posted April 11, 2009 Author Posted April 11, 2009 Re: Website exploitation lol yer didn't see that lol. I been using this for a while now i could just tell everyone the way to activate it so all the games on the net get taken down :P Quote
bigm Posted April 11, 2009 Posted April 11, 2009 Re: Website exploitation Still would be a +1 (if used) for posting fix just incase :) Quote
noddy Posted April 11, 2009 Posted April 11, 2009 Re: Website exploitation +1 FOR YOU MY FRIEND Quote
supernova800 Posted April 14, 2009 Posted April 14, 2009 Re: Website exploitation Yip, +1 from me too, thanks :mrgreen: Quote
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.