Some bruteforce protection is very useful, and also I don't know if you saw this topic: http://otland.net/f479/gesior-aac-exploits-all-versions-76074/
I hope this helps you, good job.
- - - Updated - - -
Buypoints: Lua:PHP Injection in buypoints.php An old exploit not posted here I think, bu - Pastebin.com

guilds.php - Can anyone tell me how a hacker can abuse that? I still don't get how someone can abuse a script that saves an image with a name like 'Gesior_guild.PNG' and then loads it in <img src="here image url" alt="" />
In the new version I changed the file name from 'strireplace(' ', '_', $guild->getName()) . $extension' to 'time() . '_' . md5($guild->getName()) . $extension'.

houses.php - rewritten

latestnews.php - rewritten

buypoints.php is fixed another way (urlencode variables, not checking 'A-Z0-9a-z').

From buypoints I removed the 'daopay' system and added 'zaypay'.

Vightrain (post 1641794) wrote: "Great work Gesior.pl but I think there is a problem with the change name option in shopsystem.php... I think you can abuse it so please check it out :)"

I will use my ooold version of shopsystem.php [items and containers only] and add a 'change name' option there (safe). 'Unban' will be available on Bans (bans.php). Remove red skull and other things will not be available, as it's easier to make them as items/talkactions in game.
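
The two guild-logo naming schemes quoted in the reply above, side by side, as an added example that is not Gesior's code: it shows which characters of the guild name reach the stored file name under each scheme. The function names, the sample guild names, the fixed timestamp and the extension allow-list are assumptions made for illustration; `str_ireplace` stands in for the call written in the post.

```php
<?php
// Added example; function names, sample inputs and the allow-list are assumptions.

// Old scheme from the post: only spaces are replaced, so every other
// character of the guild name becomes part of the file name.
function old_logo_name(string $guildName, string $extension): string
{
    return str_ireplace(' ', '_', $guildName) . $extension;
}

// New scheme from the post: the name contributes only through md5(), so the
// stored name is digits, an underscore and 32 hex characters.
function new_logo_name(string $guildName, string $extension, int $now): string
{
    return $now . '_' . md5($guildName) . $extension;
}

// Assumed hardening step: accept the extension only from a fixed allow-list.
function checked_extension(string $extension): string
{
    $ext = strtolower($extension);
    if (!in_array($ext, ['.gif', '.jpg', '.png'], true)) {
        throw new InvalidArgumentException('extension not allowed');
    }
    return $ext;
}

// True when the name can be used as a single, plain path component.
function is_plain_file_name(string $name): bool
{
    return preg_match('/\A[A-Za-z0-9_]+\.[a-z]{3}\z/', $name) === 1;
}

$samples = ['Red Dragons', 'Knights.of/Thais', "Tab\there"]; // constructed
$now = 1700000000; // fixed timestamp so the output is reproducible

foreach ($samples as $guildName) {
    $ext = checked_extension('.PNG');
    $old = old_logo_name($guildName, $ext);
    $new = new_logo_name($guildName, $ext, $now);
    printf("%s: old=%s plain=%s | new=%s plain=%s\n",
        json_encode($guildName), json_encode($old, JSON_UNESCAPED_SLASHES),
        var_export(is_plain_file_name($old), true),
        $new, var_export(is_plain_file_name($new), true));
}
```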