vb.org Archive

vb.org Archive (https://vborg.vbsupport.ru/index.php)
-   ibProArcade Archive (https://vborg.vbsupport.ru/forumdisplay.php?f=174)
-   -   [Cheat] Bug found!!! (https://vborg.vbsupport.ru/showthread.php?t=139851)

the coldfusion 02-19-2007 03:43 PM

[Cheat] Bug found!!!
 
Hi,
somebody i know, Refl3x, has found an exploit.
The exploit works like this: The score is submitted by a HTTP Post. If you create a form like this:
Code:

Edited, Pm me for the code!
This is a simple way to cheat. All you have to know is the exact name of the game.

Stifmeister2 02-19-2007 04:39 PM

Damn... just when I thought I found the only way to manipulate scores.. here's a new one. :(

We need a fix soon.

the coldfusion 02-19-2007 04:53 PM

Really soon!

Stifmeister2 02-19-2007 09:32 PM

Have you contcted MrZeropage via PM about this?

MrZeropage 02-20-2007 12:01 PM

PM sent ... will investigate

MrZeropage 02-20-2007 01:03 PM

beside that (still got no PM from him) please notice this :)

the coldfusion 02-21-2007 05:44 PM

Sorry for the late reply, but the PM is sended!

MrZeropage 02-21-2007 08:06 PM

Ok, simple thing I think, will fix that... :)

the coldfusion 02-22-2007 12:44 AM

Okey :)

Shazz 02-22-2007 01:41 AM

Quote:

Originally Posted by MrZeropage (Post 1187767)
Ok, simple thing I think, will fix that... :)

So the cheat is possible for all 2.5.9 versions :o

MrZeropage 02-22-2007 04:20 AM

Beside this I managed to fix all cross-scoring issues last night, one user already tested and verified that the fixes work.
I am somehow a little sad that nobody else wants to help and test for the cross-scoring-issue, I asked for some testusers two days ago and nobody wants to participate :(

I am now doing some adaptions to guest-play-feature and then v2.6.0+ is ready ... hope somebody else having cross-scoring-issues wants to test a pre-version of 2.6.0 (waiting for PM now)

da420 02-22-2007 04:29 AM

I have not seen any cross scoring issues on my set up, so I am not sure if I can help, but if you need to test something I am always willing to do so Zero.

MrZeropage 02-22-2007 12:17 PM

Before I even did not know how to cheat using cross-scoring, but after it got explained I verified it on my testsite.

But now this is eliminated, if anybody of those who reported the cross-scoring before could verify this is 100% fixed now. I am wondering as alot of people complained about it, and now that I want somebody to test and verify the fix, I am alone :(

Shazz 02-22-2007 12:23 PM

PM sent :D

cashpath 02-22-2007 12:30 PM

Quote:

Originally Posted by da420 (Post 1188068)
I have not seen any cross scoring issues on my set up, so I am not sure if I can help, but if you need to test something I am always willing to do so Zero.

I beleive it was a bug with V3 games in your arcade.. I'm not positive on this but thats what I gathered from the testing.

Stifmeister2 02-22-2007 03:58 PM

Yeah everyone who has knowledge of that cross-scoring issue in 2.5.9+ please contact MrZeropage!

MrZeropage 02-23-2007 05:57 AM

still nobody of those who reported this issue and waiting for a fix contacted me for testing... where is the ibProArcade-community ?! ;)

cashpath 02-23-2007 09:01 PM

Quote:

Yeah everyone who has knowledge of that cross-scoring issue in 2.5.9+ please contact MrZeropage!
I did.. and I think he fixed it.. I think it is a different bug he is asking for people to help test. One I am not aware of.

Stifmeister2 02-24-2007 01:01 PM

I know one bug but I'm afraid it's impossible to fix it. :( (I've noticed Mr. Zeropage about it.)

MrZeropage 02-24-2007 03:17 PM

That is not a bug but some external tool to manipulate communication between the player and the forum/server/arcade so nothing about the arcade itself...

but anyway, new secure games will somehow be protected against such manipulation :p

Stifmeister2 02-24-2007 11:28 PM

Quote:

Originally Posted by MrZeropage (Post 1189762)
That is not a bug but some external tool to manipulate communication between the player and the forum/server/arcade so nothing about the arcade itself...

but anyway, new secure games will somehow be protected against such manipulation :p

Yes I know.. :( It sucks, why do they even create such tools..

I'm glad to hear that. :)

LadyHoney 04-02-2007 09:56 PM

im not sure whats goin on with my board but it looks like i should post here.

I am running vbulletin 3.58 and ibproarcade 2.61+

Some how one of our member is able to manipulate the scores.. he is showing very high scores in just a few seconds of play .. .I read thru this forum but i dont understand if my problem is the same or not.. ( im code illiterate) I see you asking for testers but I would have to understand first how to create the problem.. Is there a fix for this problem or is this even possible to do... Is anyone else having similar issues? thanks in advance for your help

btw... we love this arcade!!!

MrZeropage 04-03-2007 06:21 AM

Some Games have bugs, I don't think he can directly insert scores in the arcade.
Another way would be to directly manipulate the flashcode which is downloaded locally to the computer of the player, but that is much work...

To be sure check if you have new, secured games (in AdminCP -> Game List they display a yellow "!"-icon under the category) which those it should be impossible to cheat/manipulate any result.


All times are GMT. The time now is 05:05 AM.

Powered by vBulletin® Version 3.8.12 by vBS
Copyright ©2000 - 2025, vBulletin Solutions Inc.

X vBulletin 3.8.12 by vBS Debug Information
  • Page Generation 0.01310 seconds
  • Memory Usage 1,755KB
  • Queries Executed 10 (?)
More Information
Template Usage:
  • (1)ad_footer_end
  • (1)ad_footer_start
  • (1)ad_header_end
  • (1)ad_header_logo
  • (1)ad_navbar_below
  • (1)bbcode_code_printable
  • (4)bbcode_quote_printable
  • (1)footer
  • (1)gobutton
  • (1)header
  • (1)headinclude
  • (6)option
  • (1)post_thanks_navbar_search
  • (1)printthread
  • (23)printthreadbit
  • (1)spacer_close
  • (1)spacer_open 

Phrase Groups Available:
  • global
  • postbit
  • showthread
Included Files:
  • ./printthread.php
  • ./global.php
  • ./includes/init.php
  • ./includes/class_core.php
  • ./includes/config.php
  • ./includes/functions.php
  • ./includes/class_hook.php
  • ./includes/modsystem_functions.php
  • ./includes/class_bbcode_alt.php
  • ./includes/class_bbcode.php
  • ./includes/functions_bigthree.php 

Hooks Called:
  • init_startup
  • init_startup_session_setup_start
  • init_startup_session_setup_complete
  • cache_permissions
  • fetch_threadinfo_query
  • fetch_threadinfo
  • fetch_foruminfo
  • style_fetch
  • cache_templates
  • global_start
  • parse_templates
  • global_setup_complete
  • printthread_start
  • bbcode_fetch_tags
  • bbcode_create
  • bbcode_parse_start
  • bbcode_parse_complete_precache
  • bbcode_parse_complete
  • printthread_post
  • printthread_complete