Login bypass + MapleQuestlineFetcher

Fixed an exploit where anyone could (via packet editing) log in as any registered character after authenticating and selecting a character.
New tool: MapleQuestlineFetcher. It reports the ids of quests whose script files were not found in the scripts folder.
ronancpl
2018-04-22 20:58:56 -03:00
parent a1fcf21ac9
commit b7a259e2c4
25 changed files with 1223 additions and 44 deletions


@@ -1716,27 +1716,26 @@ public class MapleCharacter extends AbstractAnimatedMapleMapObject {
}
public static boolean deleteCharFromDB(MapleCharacter player, int senderAccId) {
int cid = player.getId(), accId = -1, world = 0;
int cid = player.getId();
if(!Server.getInstance().haveCharacterid(senderAccId, cid)) {
return false;
}
int accId = senderAccId, world = 0;
Connection con = null;
try {
con = DatabaseConnection.getConnection();
try (PreparedStatement ps = con.prepareStatement("SELECT accountid, world FROM characters WHERE id = ?")) {
try (PreparedStatement ps = con.prepareStatement("SELECT world FROM characters WHERE id = ?")) {
ps.setInt(1, cid);
try (ResultSet rs = ps.executeQuery()) {
if(rs.next()) {
accId = rs.getInt("accountid");
world = rs.getInt("world");
}
}
}
if(senderAccId != accId) {
return false;
}
try (PreparedStatement ps = con.prepareStatement("SELECT buddyid FROM buddies WHERE characterid = ?")) {
ps.setInt(1, cid);
@@ -1896,6 +1895,7 @@ public class MapleCharacter extends AbstractAnimatedMapleMapObject {
}
con.close();
Server.getInstance().deleteCharacterid(accId, cid);
return true;
} catch (SQLException e) {
e.printStackTrace();
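Review bot: The ownership decision at the top of deleteCharFromDB now rests only on the in-memory lookup `Server.getInstance().haveCharacterid(senderAccId, cid)`; the `accountid` column is no longer read, so the delete is authorized by whatever the server-side registry holds at that moment. That makes keeping the registry in step with the `characters` table part of the access control, yet in the second hunk `Server.getInstance().deleteCharacterid(accId, cid);` runs only after `con.close();`, so an SQLException thrown by close() falls into the catch and, if the deletes were already applied, leaves the removed character's id registered to the account. I would place the registry removal ahead of `con.close();` and add a comment above the guard such as `// Authorization relies on the Server character registry; it must mirror characters.accountid`. The narrowed SELECT also leaves `world` at 0 when no row is returned and the method carries on; presumably that cannot happen while the registry is in sync, but an explicit `return false` there would make the assumption visible. The function body continues between and after the two hunks, so connection cleanup outside the visible lines may already cover part of this.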