
Exploit question


Talon



  • Group:  Members

I'm opening a server very soon, and I've also included a few NPCs to make it look more attractive. So this came to my mind: is it possible for players to type @command, @getitem, -10000zeny, $setcharid, etc. in an NPC's chat, or by using hacking tools? Would it be exploitable when scripts aren't written properly? I'm quite curious about this stuff, since once the server is opened it can't be rolled back...

Maybe some of you have some experience with this? Please answer  :rolleyes:


4 answers to this question



  • Group:  Forum Moderator

"Would it be exploitable when scripts aren't written properly?"

Definitely yes, in some cases...

"is it possible players type in @command, @getitem, -10000zeny"

If you configure the wrong @command permission...


  • Group:  Developer

There's no hack to use @ commands if players don't have the permission to use them. So the only risk is that you give the command to the players in the first place, or that someone hacks your database and changes his admission level (but in that case you're doomed anyway, so better put a good database password).

Within scripts you need to be very careful.

Most important rule:

Always subtract zeny / ingredients first, BEFORE giving the reward.



  • Group:  Members

Whenever you code something, you have to assume that the user is a little bastard who won't type the correct values (for example) and will search for a way to f*** you, so you have to think of everything in order to only allow the user to type what you want (i.e. you don't want negative values, letters...)

Edited by Doch


  • Group:  Members

Thanks for the tips, guys. Hopefully the NPC scripts on my server are safe to use, because quite a few official NPC scripts in rAthena are still buggy: they take away my zeny when I decline the deal, or there's no option to cancel the service, e.g. the broadcaster and stock market, which take away my zeny even when I cancel the deal.  :lol: But it's okay, I've managed to change the code to work differently.

Edited by Talon
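
An added example, not part of any post in this thread and not rAthena's own code: a sketch of an NPC shop script that applies the advice given above (bounded `input`, a cancel option that charges nothing, and zeny subtracted before the item is handed over). The NPC name, map, coordinates, sprite, item ID and price are assumptions.

```rathena
// Constructed example. NPC name, map, coordinates, sprite, item ID and
// price are assumptions. Header fields are separated by TAB characters.
prontera,150,150,4	script	Potion Seller	4_M_01,{
	.@item = 501;    // Red Potion (assumed item)
	.@price = 50;    // zeny per potion (assumed)

	mes "[Potion Seller]";
	mes "How many potions do you want? (1-100)";
	next;
	// Never trust typed input: input() returns non-zero when the value
	// is below the minimum or above the maximum given here.
	if (input(.@amount, 1, 100) != 0) {
		mes "[Potion Seller]";
		mes "Please enter a number from 1 to 100.";
		close;
	}
	.@cost = .@price * .@amount;    // at most 5000, so no overflow

	mes "[Potion Seller]";
	mes "That will be " + .@cost + " zeny.";
	next;
	// Declining must leave the player's zeny untouched.
	if (select("Buy:Cancel") == 2) {
		mes "[Potion Seller]";
		mes "Come back any time.";
		close;
	}
	// Check every precondition before changing anything.
	if (Zeny < .@cost) {
		mes "[Potion Seller]";
		mes "You don't have enough zeny.";
		close;
	}
	if (!checkweight(.@item, .@amount)) {
		mes "[Potion Seller]";
		mes "You can't carry that much.";
		close;
	}
	// Take the payment first, then hand over the reward.
	Zeny -= .@cost;
	getitem .@item, .@amount;
	mes "[Potion Seller]";
	mes "Thank you!";
	close;
}
```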