Taxed Posted February 2, 2010 Share Posted February 2, 2010 Hi, I am starting this post to keep a detailed list for public use detailing known hacks in the Gangster Legends Engine and reccomendations on how to solve them. This is not a full list of hacks, only the hacks we have found. A brief hack session to test basic security performed by Zero-Affect came back positive with only two hacks found. This does not however mean that there are no more bugs in the engine. Undifined Location Hack - Documented: 02/02/2010 This hack is performed on the register page and allows a hacker to set an undifined location upon registration. The problem is specifically caused by allowing the players the choose their starting location. Recommended Fix Use a predifined starting location and remove the option from your HTML Form. Set your SQL to use a predifined number upon row creation and remove the php for the location from the register.php. Session Hack - Documented: 02/02/2010 This session hack is performed using the standard instant chat system that comes by default with Gangster Legends. The chat system can be used by hackers to steal single player sessions or given enough time the majority of your player base. Provided they have prior knowledge of the GL database structure and naming conventions they could manipulate the database causing you to lose control of your game. Recommended Fix Im sure you could fix this by using "html_entity_decode" and "stripslashes" but I havent tested it myself. I personally removed the chat and intergrated a more personalized instant chat. But there are methods out there you could use to secure the chat if you dont want to intergrate a better one. I hope the documentation on these known hacks helps you. I will add more if/when we find any more. Quote Link to comment Share on other sites More sharing options...
Zero-Affect Posted February 2, 2010 Share Posted February 2, 2010 Yeah like i said when doing it, i only had a small amount of time to run through some basic stuff but with more time i could most likely come up with afew more. I will at some point give it another go. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.