Sweetgum/sweetgum-server
1
1
Fork 0
Code Issues Pull Requests Packages Projects Releases Wiki Activity

Login bypass + MapleQuestlineFetcher

Browse Source 
Solved an exploit where anyone (via packet editing) could be able to login as any registered character after authenticating and selecting a character.
New tool: MapleQuestlineFetcher. It reports ids from quests which quest script files were not found on the scripts folder.
This commit is contained in:
ronancpl
2018-04-22 20:58:56 -03:00
parent a1fcf21ac9
commit b7a259e2c4
25 changed files with 1223 additions and 44 deletions
Download Patch File Download Diff File Expand all files Collapse all files

6
src/net/server/channel/handlers/PlayerLoggedinHandler.java
View File

@@ -53,6 +53,7 @@ import client.inventory.MapleInventoryType;
import client.inventory.MaplePet;
import constants.GameConstants;
import constants.ServerConstants;
import java.net.InetSocketAddress;
import java.util.Collections;
import java.util.Comparator;
import java.util.Map;
@@ -71,6 +72,11 @@ public final class PlayerLoggedinHandler extends AbstractMaplePacketHandler {
MapleCharacter player = c.getWorldServer().getPlayerStorage().getCharacterById(cid);
boolean newcomer = false;
if (player == null) {
if(!server.validateCharacteridInTransition((InetSocketAddress) c.getSession().getRemoteAddress(), cid)) {
c.disconnect(true, false);
return;
}
try {
player = MapleCharacter.loadCharFromDB(cid, c, true);
newcomer = true;