
Configuration Gesior AAC Exploits! [All Versions]

Red
Cyntara.org
Staff member, Global Moderator, Premium User
Joined: Aug 9, 2008
Location: United States
WARNING

There are a few common exploits found in all versions of Gesior AAC. When it was created solely by Gesior, I think there was probably only one bug, which concerns guild images. I do not think Gesior intentionally created an exploit, but Liugarneth (also known as Widnet), a member of the new "Gesior AAC team", has created an exploit intentionally. I talked to somebody (who is now a very good friend of mine) and he told me where the exploits were. So the credits go to him, and not me, although he wishes to remain anonymous.
I did not find these exploits. I am only telling you where they are and how to fix them!

Without further ado:

In guilds.php:

Replace:
PHP:
$guild_logo = $guild->getCustomField('logo_gfx_name'); if(empty($guild_logo) || !file_exists("guilds/".$guild_logo)) $guild_logo = "default_logo.gif";

With this:
PHP:
$guild_logo = $guild->getCustomField('logo_gfx_name');
// strip each of "/", "\" and ".." from the stored name (working on the same
// variable each time, so all three are removed and not only the last one)
foreach (array("/", "\\", "..") as $char) {
	$guild_logo = str_replace($char, "", $guild_logo);
}
if (empty($guild_logo) || !file_exists("guilds/".$guild_logo)) {
	$guild_logo = "default_logo.gif";
}

This will remove "/", "\" and ".." from the guild_logo name. Now it should be impossible to hack Gesior's AAC through guilds.php this way.

Credits to stian for the idea, and to Mazen for posting it here!


Now on for the next step:

houses.php

I suggest removing this completely. I have not been able to check the new resources for Gesior AAC 0.3.6, but I was told that this file has the ability to allow a user to view your config.lua using HTML, thus letting people into your PMA.

latestnews.php

I suggest removing your news ticker; there is an exploit that allows users to create an account and write their own news. Although you may think this is not dire, with the correct script they could stop people from viewing your website and redirect it to theirs. If somebody knows how to patch this, I'd love to post it rather than just "Delete it". But I guess I will just write this, because my tutorial is more for awareness and pointing out all Gesior exploits, intentional or not. Thank you.


These are the only known exploits for Gesior AAC. guilds.php affects ALL users, and I'm pretty sure houses.php is the new backdoor created for the "Gesior AAC Team" to access servers. To be 100% secure, I suggest removing houses.php and doing what I said for guilds.php.

If you know of any other Gesior exploits and would like me to post how to prevent/patch them, please PM me. This is your warning!

Have fun & good luck!
Red
 
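The guilds.php fix above strips "/", "\" and ".." from the stored name and then trusts file_exists(), which follows "../" just as happily as any other path. As an added example (not code from the post or from Gesior AAC), here is the same lookup written the other way round: it rejects anything that is not a plain image file name instead of trying to clean it, and then checks with realpath() where the path actually lands. It assumes the same inputs as guilds.php: the guild's stored logo_gfx_name, a guilds/ directory and default_logo.gif as fallback; the function name and the sample names in the demo are this example's own.

```php
<?php
// Added example, not Gesior AAC code. Assumes the same inputs as guilds.php:
// the guild's stored logo name, a guilds/ directory and default_logo.gif.

function resolveGuildLogo(string $name, string $baseDir = 'guilds'): string
{
    $fallback = 'default_logo.gif';

    // 1. Reject instead of cleaning. A name that is not a plain file name
    //    (separators, "..", a NUL byte, odd characters) is simply not used.
    //    The NUL check comes first: PHP 8 filesystem functions throw on it,
    //    and older CGI setups truncated the path at that byte.
    if ($name === '' || strpos($name, "\0") !== false) {
        return $fallback;
    }
    if (!preg_match('/^[A-Za-z0-9_-]+\.(gif|png|jpe?g)$/i', $name)) {
        return $fallback;   // covers "..", "/", "\", leading dots, and so on
    }

    // 2. Check where the path really lands. realpath() also follows symlinks,
    //    so a link inside guilds/ that points at config.lua is caught as well.
    $base = realpath($baseDir);
    $path = realpath($baseDir . DIRECTORY_SEPARATOR . $name);
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return $fallback;   // includes the "file does not exist" case
    }
    return $name;           // safe to use as "guilds/" . $name
}

// Demo on a constructed directory that holds one real logo.
$dir = sys_get_temp_dir() . '/guilds_demo_' . bin2hex(random_bytes(4));
mkdir($dir);
touch($dir . '/clan.gif');

$inputs = [
    'clan.gif',            // legitimate
    '../config.lua',       // classic traversal
    '..\\config.lua',      // Windows-style separator
    "clan.gif\0.php",      // NUL byte
    '/etc/passwd',         // absolute path
    'missing.gif',         // well-formed but not present
];
foreach ($inputs as $n) {
    printf("%-20s -> %s\n", addcslashes($n, "\0..\37"), resolveGuildLogo($n, $dir));
}
```

Only the legitimate name comes back unchanged; everything else falls back to default_logo.gif. The allowlist is deliberately narrow, because a logo file name has no business containing anything but letters, digits, "_" and "-" plus an image extension; widen it only if the upload side guarantees the same set.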
lol
nice
now
how will the Gesior AAC developers hack?
 
Lol! Red, you are a stupid n00b...

@edit
The houses issue is only in Sasir's release of houses.php (SQL injection).

Guild images: only with a bad nginx configuration. Attack: "poison null byte".
fix:
Code:
if (!-f $request_filename.php) { return 404; break; }
 
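For readers who want to see the whole nginx location rather than the single if line quoted above, here is an added configuration example (not from the post or from Gesior): the PHP location as it is often written, next to a hardened version. The socket path and the guilds/ directory are assumptions; the idea is the one in the post, refuse to start PHP unless the exact file exists on disk, written in the form the nginx documentation itself uses (try_files).

```nginx
# Added example (not from the post or Gesior): socket path and directory
# are assumptions. Use ONE of the two "location ~ \.php$" blocks, not both.

# WEAK: everything whose URI ends in .php is handed to PHP whether or not the
# file exists. /guilds/x.gif%00.php matches this location, and a PHP build
# that truncated SCRIPT_FILENAME at the NUL byte then ran guilds/x.gif as code.
location ~ \.php$ {
    include       fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass  unix:/var/run/php-fpm.sock;
}

# HARDENED
# The upload directory serves static files only. "^~" stops the regex .php
# location from ever matching below it, and the nested location turns a stray
# evil.php written there into a 404 instead of executing it.
location ^~ /guilds/ {
    location ~ \.php$ { return 404; }
    try_files $uri =404;
}

# For the rest of the site, refuse to start PHP unless the exact file is on
# disk: same intent as "if (!-f ...) { return 404; }" in the post above.
location ~ \.php$ {
    try_files $uri =404;
    include       fastcgi_params;
    fastcgi_param SCRIPT_FILENAME $document_root$fastcgi_script_name;
    fastcgi_pass  unix:/var/run/php-fpm.sock;
}
```

On the PHP side, cgi.fix_pathinfo=0 in php.ini and security.limit_extensions = .php in the FPM pool close the related trick where /guilds/x.gif/y.php is resolved back to x.gif; neither replaces the nginx check, they complement it.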
Lol, well, it's not me.
I don't even use the SVN Gesior AAC for my OT ^^

In guilds.php:

Find:

Code:
$guild_logo = $guild->getCustomField('logo_gfx_name'); if(empty($guild_logo) || !file_exists("guilds/".$guild_logo)) $guild_logo = "default_logo.gif";

Replace With:

Code:
$guild_logo = "default_logo.gif";
If you do that, I think your AAC will not support custom guild logos ^^

Zakius, Widnet, Norix and Cybermaster - current Gesior dev team
 
Lol, well, it's not me.
I don't even use the SVN Gesior AAC for my OT ^^

If you do that, I think your AAC will not support custom guild logos ^^

Zakius, Widnet, Norix and Cybermaster - current Gesior dev team

Yes, that's exactly what replacing that line in the code does.
I sent you a private message regarding who hacked my server, and probably some others.

Red
 
Does this have something to do?
- The PHP GIF security issue

The problem that was discovered is that you can insert PHP code in the middle of a GIF image. That would not be a problem if it were not for the insecure ways some developers use to serve images uploaded by their users.

Usually, uploaded files are moved to a given directory. If the site then serves the images directly from that directory and preserves the original file name, the site may be open to security exploits.

For instance, let's say the attacker uploads an image named image.gif.php. The image may be moved to the images directory. If the web server is configured, as usual, to process requests for files with a .php extension, and the site serves the image with the following URL, the request will execute the PHP code inside the image.

http://www.yoursite.com/images/image.gif.php
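The post above describes the mechanism; as an added example (not from the post or from Gesior) here is an upload handler that takes away both halves of it: the stored file gets a server-chosen name with a fixed extension, so image.gif.php can never appear on disk, and the bytes are decoded and re-encoded through GD, so PHP code hidden inside the GIF does not survive into the stored copy. It assumes the GD extension is available; the function name, the guilds/ directory (taken from the thread) and the constructed demo upload are this example's own.

```php
<?php
// Added example, not Gesior code: store an uploaded logo so that neither the
// client's file name nor its bytes reach the web root unchanged. Assumes GD.

function storeGuildLogo(string $tmpPath, string $destDir): string
{
    // Type from the bytes, never from $_FILES[...]['name'] or ['type'].
    $info = @getimagesize($tmpPath);
    if ($info === false) {
        throw new RuntimeException('upload is not an image');
    }
    $ext = [IMAGETYPE_GIF => 'gif', IMAGETYPE_PNG => 'png', IMAGETYPE_JPEG => 'jpg'];
    if (!isset($ext[$info[2]])) {
        throw new RuntimeException('image type not allowed');
    }

    // Decode and re-encode: only pixel data survives, so "<?php ... ?>" hidden
    // after the GIF trailer or inside a comment block is gone from the copy.
    $im = @imagecreatefromstring(file_get_contents($tmpPath));
    if ($im === false) {
        throw new RuntimeException('image could not be decoded');
    }

    // Server-chosen name with a fixed extension: whatever the client called
    // the file, nothing ending in .php is ever written.
    $name = bin2hex(random_bytes(16)) . '.' . $ext[$info[2]];
    $dest = rtrim($destDir, '/\\') . DIRECTORY_SEPARATOR . $name;
    if ($info[2] === IMAGETYPE_GIF) {
        $ok = imagegif($im, $dest);
    } elseif ($info[2] === IMAGETYPE_PNG) {
        $ok = imagepng($im, $dest);
    } else {
        $ok = imagejpeg($im, $dest, 85);
    }
    if (!$ok) {
        throw new RuntimeException('could not write image');
    }
    return $name;   // this, not the client's name, belongs in logo_gfx_name
}

// Demo with a constructed "upload": a real 8x8 GIF with PHP appended, the
// trick described above, written to a temp file as if it were tmp_name.
$tmp = tempnam(sys_get_temp_dir(), 'upload');
$src = imagecreatetruecolor(8, 8);
imagegif($src, $tmp);
file_put_contents($tmp, "<?php system(\$_GET['c']); ?>", FILE_APPEND);

$dir = sys_get_temp_dir() . '/guilds_' . bin2hex(random_bytes(4));
mkdir($dir);
$stored = storeGuildLogo($tmp, $dir);
$bytes  = file_get_contents($dir . '/' . $stored);
printf("stored as %s, payload %s\n", $stored,
       strpos($bytes, '<?php') === false ? 'removed' : 'still present');
```

In a real handler $tmpPath is $_FILES['logo']['tmp_name'], checked with is_uploaded_file() first and capped in size before getimagesize() is called on it. The re-encode is the part people skip: renaming alone keeps the payload on disk, which still matters if a later bug (the path issue in guilds.php, an include, a misconfigured server) lets it be interpreted.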
 
Thank you. For security reasons, never trust the dev team.
 
I think I found all exploits. If you pm me I will give you the informations to disable them.
 
Thank you. For security reasons, never trust the dev team.
;( you might mean Widnet
we didn't even know that there were exploits there
 
Well, I think that the big character limit in the forum textbox can be used to SQL inject (I don't remember anything protecting against it, but I hope that I'm wrong).
 
Replace:
$guild_logo = $guild->getCustomField('logo_gfx_name'); if(empty($guild_logo) || !file_exists("guilds/".$guild_logo)) $guild_logo = "default_logo.gif";

With:
$guild_logo = str_replace(array('..', '/'), array('',''), $guild->getCustomField('logo_gfx_name')); if(empty($guild_logo) || !file_exists("guilds/".$guild_logo)) $guild_logo = "default_logo.gif";
 
Replace:
$guild_logo = $guild->getCustomField('logo_gfx_name'); if(empty($guild_logo) || !file_exists("guilds/".$guild_logo)) $guild_logo = "default_logo.gif";

With:
$guild_logo = str_replace(array('..', '/'), array('',''), $guild->getCustomField('logo_gfx_name')); if(empty($guild_logo) || !file_exists("guilds/".$guild_logo)) $guild_logo = "default_logo.gif";

What exactly does that do, stian? So I can add it to the tutorial.

Red
 
Cybershoot said:
;( you might mean Widnet
we didn't even know that there were exploits there
There you go, YOUR OWN TEAM-MATE fooled you!..

Btw, Widnet and Dulin.. :)
 
;( you might mean Widnet
we didn't even know that there were exploits there
Stay with Widnet and he will h4x your brain, lolz. That kid (14yo) thinks that he is above the law (anonymous on the internet). After he touched Red's server, it was like "please don't tell anyone". Also he can't speak/use proper English (never seen a programmer without English skills :huh:).
I heard that someone went to the police because he hacked his OT. Beware if you want to have problems like he does.
 
Stay with Widnet and he will h4x your brain, lolz. That kid (14yo) thinks that he is above the law (anonymous on the internet). After he touched Red's server, it was like "please don't tell anyone". Also he can't speak/use proper English (never seen a programmer without English skills :huh:).
I heard that someone went to the police because he hacked his OT. Beware if you want to have problems like he does.
haha dw, here that never happens :peace:
I don't really care about this, since we, the team, have nothing to do with this.

There you go, YOUR OWN TEAM-MATE fooled you!..

Btw, Widnet and Dulin.. :)
I thought you were the fool, since you were hacked recently :peace: be careful with exploits
 