MakeWebGames

Crystal market exploit?


ignite


Guest Anonymous

Re: Crystal market exploit?

No the system was removed as it was abused and misused.

+1

Edit: Don't think I can give you +1 anymore

No the system was removed as it was abused and misused.


Re: Crystal market exploit?

missed a , in the query:

 

CREATE TABLE `cheater_catcher` (
 `cc_id` int(11) NOT NULL auto_increment,
 `cc_userid` int(11) NOT NULL default '0',
 `cc_count` int(11) NOT NULL default '0',
 PRIMARY KEY  (`cc_id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

Re: Crystal market exploit?

How I stopped this was very easy.. first you find the..

$q=$db->query("SELECT * FROM crystalmarket cm WHERE cmID={$_GET['ID']}");

under the function crystal_buy()

and replace it with..

$q=$db->query("SELECT * FROM crystalmarket cm WHERE cmID='".mysql_real_escape_string($_GET['ID'])."'");

and it stops the exploit from working. Hope this helps. :-)

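An added example, not part of the original post and not the game's own code: the same listing lookup with the ID checked as digits only and passed as a bound parameter, so the query text never contains request data. It uses PDO with a constructed in-memory SQLite table standing in for `crystalmarket`; the function name `find_listing` and the columns other than `cmID` are assumptions.

```php
<?php
// Constructed in-memory table standing in for the game's `crystalmarket`.
// Only cmID appears in the thread; the other columns are assumptions.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE crystalmarket (cmID INTEGER PRIMARY KEY, cmQTY INTEGER, cmPRICE INTEGER)');
$pdo->exec('INSERT INTO crystalmarket VALUES (1, 10, 500), (2, 25, 1200)');

/**
 * Look up one market listing (hypothetical helper).
 * Returns the row, or null when the ID is not a plain non-negative
 * integer or no listing with that ID exists.
 */
function find_listing(PDO $pdo, $rawId): ?array
{
    // Digits only: rejects "1 OR 1=1", "2'", "-1", "1.5", empty strings, arrays.
    if (!is_string($rawId) || !ctype_digit($rawId) || strlen($rawId) > 10) {
        return null;
    }
    // Bound parameter: the value travels as data and is never parsed as SQL.
    $stmt = $pdo->prepare('SELECT * FROM crystalmarket WHERE cmID = :id');
    $stmt->bindValue(':id', (int) $rawId, PDO::PARAM_INT);
    $stmt->execute();
    $row = $stmt->fetch(PDO::FETCH_ASSOC);
    return $row === false ? null : $row;
}

// Constructed inputs, as they would arrive in $_GET['ID'].
foreach (['2', '1 OR 1=1', "2'", '', '99'] as $input) {
    $row = find_listing($pdo, $input);
    printf(
        "%-12s => %s\n",
        var_export($input, true),
        $row ? "listing #{$row['cmID']}" : 'rejected / not found'
    );
}
```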

Re: Crystal market exploit?

woooooh here is a more efficient code for those who have gang markets and such:

[code]
if($_GET['ID']) {
// die() ends the request here, so the escaping line below is never reached
die('Go to hell scumbag :D');
$_GET['ID']=mysql_real_escape_string($_GET['ID']);
}
[/code]

Add that in ur header just under ur health energy and other things.

NOTE: You have to add a load of them if u don't just use a ID part, for instance there is an exploit in the view users which I've stopped using:

[code]
if($_GET['u']) {
// die() ends the request here, so the escaping line below is never reached
die('Go to hell scumbag :D');
$_GET['u']=mysql_real_escape_string($_GET['u']);
}
[/code]

PS: This has not been tested since mine is a different one and I don't want to go into my database :P


Re: Crystal market exploit?

I know/knew the URL. One of the players sold it to me in return for a dp. Afterwards I banned his IP and deleted his account of course. I think the URL is still sitting in my MSN logs somewhere but I just know if I post it there will be a message in my inbox in the morning and a:

 

EDIT: Please do not post exploits on CE

on this post... So for that reason I will tell you the basics of it. It uses the union part of sql scripting to add an additional query that adds onto the code making the user get money and crystals. It's just 1 more reason why I hate hackers...


Re: Crystal market exploit?

wats this v2

Create a table:

 

CREATE TABLE `cheater_catcher` (
 `cc_id` int(11) NOT NULL auto_increment,
 `cc_userid` int(11) NOT NULL default '0',
 `cc_count` int(11) NOT NULL default '0'
 PRIMARY KEY  (`cc_id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

 

Then use this code in the cmarket.php page, Below $h->menuarea();

 

// Checks to see if the ID field in the URL is numeric value
if(eregi("[^0-9]", $_GET['ID']))
{

// Selects from the cheater table to see if they have a previous record
$select_data = mysql_query("SELECT * FROM cheater_catcher WHERE cc_userid = ".$ir[userid]."");

// If they dont have a previous record, Create one
if(!mysql_num_rows($select_data))
{
mysql_query("INSERT INTO `cheater_catcher` VALUES ('', '".$ir[userid]."', '1'");
}

// Else
else
{

// Update the cheater catcher to add 1 to their existing count
$data = mysql_fetch_object($select_data);
mysql_query("UPDATE `cheater_catcher` SET cc_count = cc_count + 1 WHERE cc_userid = '".$ir[userid]."'");

// Now we check what their count is, If its above or equal to 3, Fed the scumbag =P
if($data->cc_count >= 3)
	{
	mysql_query("UPDATE users SET fedjail = '1' WHERE userid = '".$ir[userid]."'");
	mysql_query("INSERT INTO `fedjail` VALUES ('', '".$ir[userid]."', '300', '1', 'Trying to exploit the game')");
	}
}

// Echo some result, Kill the page and finish the function
echo "Quit trying to abuse you scumbag";
$h->endpage();
exit;
}

 

Edit: Code is not tested as I don't have a game to test on, but should work. Although, if it doesn't, I'm not offering support, so you either learn and fix it yourself, get someone else to help or simply don't use it.


  • 9 months later...

Re: Crystal market exploit?

 


QUERY ERROR: You have an error in your SQL syntax; check the manual that corresponds to your MySQL server version for the right syntax to use near '' at line 1

Query was INSERT INTO `cheater_catcher` VALUES ('', '2', '1'

I got that


Re: Crystal market exploit?

 

CREATE TABLE `cheater_catcher` (
 `cc_id` int(11) NOT NULL auto_increment,
 `cc_userid` int(11) NOT NULL default '0',
 `cc_count` int(11) NOT NULL default '0',
 PRIMARY KEY  (`cc_id`)
) ENGINE=MyISAM  DEFAULT CHARSET=latin1 AUTO_INCREMENT=1 ;

 

Read all posts, then start using a script.
