Configuration Gesior AAC Exploits! [All Versions]

Solution for guilds.php

Replace:
PHP:
$guild_logo = $guild->getCustomField('logo_gfx_name');
if(empty($guild_logo) || !file_exists("guilds/".$guild_logo)) $guild_logo = "default_logo.gif";

With this:
PHP:
// Strip "/", "\" and ".." in one call; str_replace() applies each array entry to the running result.
$guild_logo = str_replace(array("/", "\\", ".."), "", $guild->getCustomField('logo_gfx_name'));
if (empty($guild_logo) || !file_exists("guilds/".$guild_logo)) {
	$guild_logo = "default_logo.gif";
}

This will remove "/", "\" and ".." from the guild_logo name. Now it should be impossible to hack Gesior's AAC through guilds.php this way.

Credits to stian for the idea.


Concerning Gesior's AAC in general, I think it's the worst scripted and screwed up project ever. No offense to Gesior, he helped a lot of people. But it's still a dangerous cancer in the OT community. People won't leave it because no one is doing anything better. Talaturen's CMS is a good start, but it's still incomplete. It doesn't have all the features that Gesior's AAC has.

Imo, get rid of this AAC. Stop scripting new features for it. Move on to something better.
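
An added example (not part of the original post or of Gesior AAC) comparing a replacement loop that restarts from the raw value on every pass with a single str_replace() call over all three strings. The stricter allowlist-plus-realpath check, the function names, the temporary directory and the sample names are assumptions constructed for illustration.

```php
<?php
// Added example; function names and sample values are constructed.

// Loop that restarts from the raw value each pass: only the last
// substitution ("..") survives, so "/" and "\" are still present.
function sanitize_loop($raw) {
    foreach (array("/", "\\", "..") as $char) {
        $clean = str_replace($char, "", $raw);
    }
    return $clean;
}

// One call with an array of needles: each is applied to the running result.
function sanitize_array($raw) {
    return str_replace(array("/", "\\", ".."), "", $raw);
}

// Stricter variant (assumption, not from the thread): accept only a plain
// image file name, then confirm the resolved path is inside the logo directory.
function resolve_guild_logo($raw, $dir, $default = "default_logo.gif") {
    if (!is_string($raw) || !preg_match('/^[A-Za-z0-9_-]+\.(gif|png|jpe?g)$/i', $raw)) {
        return $default;
    }
    $base = realpath($dir);
    $path = realpath($dir . DIRECTORY_SEPARATOR . $raw);
    if ($base === false || $path === false
        || strpos($path, $base . DIRECTORY_SEPARATOR) !== 0) {
        return $default;
    }
    return $raw;
}

// Constructed demo: a temporary logo directory holding one file.
$dir = sys_get_temp_dir() . DIRECTORY_SEPARATOR . "guilds_demo_" . getmypid();
@mkdir($dir);
touch($dir . DIRECTORY_SEPARATOR . "knights.gif");

$samples = array("knights.gif", "../index.php", "..\\..\\x.gif", "missing.png");
foreach ($samples as $name) {
    printf("%-14s loop=%-12s array=%-10s strict=%s\n", $name,
        sanitize_loop($name), sanitize_array($name),
        resolve_guild_logo($name, $dir));
}

unlink($dir . DIRECTORY_SEPARATOR . "knights.gif");
rmdir($dir);
```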
 
There is already my AAC maker in development, which could already be used but it's not fully finished, there is also Marlex AAC which will be released soon. So there will be 2 good AAC makers to choose from.
 
That sounds really good. I hope these 2 will replace Gesiors AAC completely.
 
Updated the first page.
Thank you Mazen/stian!

Red
 
Dulin said:
Yes, I create with widnet new custom project hardened gesior AAC. I need great ideas, and creative people.
Well I don't think people would trust you and download your "new project"... I wouldn't :)
 
Thanks for allowing the community to know about this exploit. Just replaced the code with Mazens code :).
 
Well, I wrote (as a joke tho) that they should have an IQ test as part of the installation process. When thinking some extra about it; it might solve some issues.
 
Because everyone is using Gesior and they think 'oh, everyone is using it, it must be safe!'

It was rhetorical question my Phpized Almost seXy Thin Overall Nice Polish Boy :):)
 
Well, I wrote (as a joke tho) that they should have an IQ test as part of the installation process. When thinking some extra about it; it might solve some issues.

I will include that into my AAC Maker! :$:peace:


@up

sexxyy
 
well, two nice aacs will be great, but fixing gesior won't hurt too I think (all the time before new ones release gesior will be used so...)
but well, I guess no svn should be used, just this topic with: bug and ideas how to solve it (just if you found anything or know how to fix some known bug post it) (whole community projects that YOU are updating with new features YOURSELF are probably most safe etc)
signatur.php and the eq shower script, too.
What do you mean by eqshower? (I guess in sig you mean using the get as char name? but in eqshower I cannot find anything)
 
Noobshoot said:
i thought you were the fool, since you were hax recently be careful with exploits
Ye, also you were fooled too cuz your "team" is adding exploit you gesior aac so they can hack any server without including you. I got fooled once but you're being fooled right now :) and more and more by the day..
 
well, two nice aacs will be great, but fixing gesior won't hurt too I think (all the time before new ones release gesior will be used so...)
but well, I guess no svn should be used, just this topic with: bug and ideas how to solve it (just if you found anything or know how to fix some known bug post it) (whole community projects that YOU are updating with new features YOURSELF are probably most safe etc)

What do you mean by eqshower? (I guess in sig you mean using the get as char name? but in eqshower I cannot find anything)

The Gesiors AAC code is too messy to be fixed. The whole project is one huge mess.
 
:O I use Gesior AAC :(, when will the new AAC be launched?
 