/createnote Bug - Printable Version

+- SA-MP Forums Archive (https://sampforum.blast.hk)
+-- Forum: SA-MP Scripting and Plugins (https://sampforum.blast.hk/forumdisplay.php?fid=8)
+--- Forum: Scripting Help (https://sampforum.blast.hk/forumdisplay.php?fid=12)
+---- Forum: Help Archive (https://sampforum.blast.hk/forumdisplay.php?fid=89)
+---- Thread: /createnote Bug (/showthread.php?tid=147418)

---

/createnote Bug - Nekom - 12.05.2010

A lot of time ago I discovered a very dangerous bug in a command of almost all RP GameModes...
This bug was in the /createnote command but a lot of italian people (very noobs too, as who said to remove the /createnote command in my gm topic) knew that as a chain...
With the /createnote you can inject a string in the account file of RP GMs, so if for example you do
(The new line character is invisible here, it's not the character that is written when you press Return, it's the new line character and you must copy it for example from an account file with the Block Note)
It writes in the account file
So when the player relogs in he's admin!
To fix this bug you must prevent the use of "=" character in the /createnote bug

Sorry for my English, but I am Italian... Peppe

---

Re: /createnote Bug - Nekom - 12.05.2010

I up this topic to warn the peaple about this bug

---

Re: /createnote Bug - Sergei - 12.05.2010

Just disallow \. Without '\n\r you can't do that anyway since it would be the same line.

---

Re: /createnote Bug - Zimon95 - 12.05.2010

Yes, I can confirm this bug, it's really dangerous for your server security. If you have a /createnote command copied from GF edits, add this line:
Under this:
@Serg: try, it will work. I tested it and it works.

---

Re: /createnote Bug - Nekom - 12.05.2010

Open an account file with bloc notes and copy the character that's for example between
Password=pass and
Level=1
(It usually displays as a wrong character)

Then past it... so you create a new line

---