Login bypass + MapleQuestlineFetcher

Solved an exploit where anyone (via packet editing) could be able to login as any registered character after authenticating and selecting a character. New tool: MapleQuestlineFetcher. It reports ids from quests which quest script files were not found on the scripts folder.
2018-04-22 20:58:56 -03:00
parent a1fcf21ac9
commit b7a259e2c4
25 changed files with 1223 additions and 44 deletions
--- a/scripts/npc/9201050.js
+++ b/scripts/npc/9201050.js
@@ -47,7 +47,7 @@ function action(mode, type, selection) {
                    selStr += "\r\n#L" + i + "# " + info[i] + "#l";
                cm.sendSimple(selStr);
            }
-            else if (!cm.getQuestStarted(4911)){
+            else if (!cm.isQuestStarted(4911)){
                cm.sendNext("Good job! You've solved all of my questions about NLC. Enjoy of your trip!");
                cm.dispose();
                return;