Significant server exploit
#8

Quote:
Originally Posted by [uL]Pottus
Посмотреть сообщение
You should also save the name as it will change and it could be a valid admin name which you wouldn't want getting banned in your system. There is another problem with that solution as well, there could be many OnPlayerDisconnect()'s that are hooked before this callback then they might get called which isn't good because the player has not disconnected yet they've only spoofed an OnPlayerConnect().

Another potential issue if I'm reading this correctly.

if(ce_fix[playerid]) OnPlayerDisconnect(playerid, 3);
else ce_fix[playerid] = true;
#if defined CE_OnPlayerConnect
return CE_OnPlayerConnect(playerid);

If i'm not mistaken that will allow the spoofed OnPlayerConnect() to always hook, that is not desirable it's not a real connection.

Last point I'm pretty sure calling OnPlayerDisconnect() doesn't delete any per player stuff now this shouldn't matter but it could be an issue.

Just clarify things for me if I got another wrong or am overlooking anything thanks
Normally the player/bot will be able to call OnPlayerConnect() without calling OnPlayerDisconnect before, so this include basicly calls OnPlayerDisconnect(), and claims that the user has not properly disconnected and makes "reason" return 3 (custom reason). Now it should be possible to you to re-design your script to prevent issues within OnPlayerConnect and OnPlayerDisconnect. It's a simply and probably efficient solution for now.
Reply


Messages In This Thread
Significant server exploit - by Pottus - 04.12.2013, 19:18
Re: Significant server exploit - by Sublime - 05.12.2013, 01:44
Re: Significant server exploit - by Sublime - 05.12.2013, 04:23
AW: Significant server exploit - by BigETI - 05.12.2013, 05:11
Re: AW: Significant server exploit - by Pottus - 05.12.2013, 05:52
AW: Significant server exploit - by BigETI - 05.12.2013, 06:26
Re: AW: Significant server exploit - by Pottus - 05.12.2013, 06:49
AW: Re: AW: Significant server exploit - by BigETI - 05.12.2013, 06:56
Re: Significant server exploit - by Pottus - 05.12.2013, 07:08
Re: Significant server exploit - by Kyle - 05.12.2013, 08:54

Forum Jump:


Users browsing this thread: 1 Guest(s)