
Configuration Gesior AAC Exploits! [All Versions]

why not focus on dropping POT and cleaning up the few remaining scripts, it might still have some potential

bug tracker is "sort of" an exploit because it doesn't use htmlspecialchars for some fields

You have already developed an AAC without POT, haven't you?
 
Solution for latestnews.php - Ticker Bug:
In the config/config.php add this:
PHP:
$config['site']['access_tickers'] = 3; // access level needed to edit ticker

Sorry to revive the topic, but many people have this problem!
 

If I'm not mistaken, there was a way around this..

Red
 
OMG!
I never imagined that Gesior had so many exploits, but from what I see, a few are still missing from the list.
 
and remove the webdav folder in the xampp folder; I don't know how else people could upload shells and modify your database, maybe through houses or the guild logo
 
Notice: Undefined index: page in C:\xampp\htdocs\install.php on line 40

Notice: Undefined index: page in C:\xampp\htdocs\install.php on line 52

Notice: Undefined index: page in C:\xampp\htdocs\install.php on line 63
 
- The PHP GIF security issue

The problem that was discovered is that you can insert PHP code in the middle of a GIF image. That would not be a problem if it was not for the insecure ways some developers use to serve images uploaded by their users.

Usually, uploaded files are moved to a given directory. If the site then serves the images directly from that directory and preserves the original file name, the site may be open to security exploits.

For instance, let's say the attacker uploads an image named image.gif.php. The image may be moved to the images directory. If the web server is configured, as usual, to process requests for files with a .php extension, and the site serves the image with the following URL, the request will execute the PHP code inside the image.

http://www.yoursite.com/images/image.gif.php
Is this fixed? I can't upload any files with asdasd.gif.php as the extension on my site?
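As an added example (not Gesior AAC's own code, nor the code from the quoted article), here is an upload handler that closes the image.gif.php hole described above: it ignores the client-supplied file name and MIME type, decides the type from the file bytes, re-encodes the image through GD so embedded PHP or comment payloads do not survive, and writes it under a random single-extension name. The names UPLOAD_DIR, MAX_BYTES, ALLOWED and storeImage() are placeholders chosen for this example, and it assumes PHP 7+ with the fileinfo and GD extensions.

```php
<?php
// Added example, not part of Gesior AAC: a hardened image-upload handler.
// Assumed: the form field is $_FILES['image']; UPLOAD_DIR is a placeholder
// directory the web server serves as static files only (no PHP handler), or
// better, a directory outside the document root.

declare(strict_types=1);

const UPLOAD_DIR = __DIR__ . '/uploads';   // placeholder path
const MAX_BYTES  = 512 * 1024;             // 512 KiB cap per upload
// Type decided from bytes is mapped to the ONLY extension we will ever write.
const ALLOWED = ['image/gif' => 'gif', 'image/png' => 'png', 'image/jpeg' => 'jpg'];

/**
 * Validate one entry of $_FILES and store it. Returns the server-chosen file
 * name or throws RuntimeException. The original client name is never reused,
 * so "image.gif.php" cannot reach the disk under that name.
 */
function storeImage(array $file): string
{
    if (($file['error'] ?? UPLOAD_ERR_NO_FILE) !== UPLOAD_ERR_OK) {
        throw new RuntimeException('upload failed: error ' . (int) ($file['error'] ?? -1));
    }
    if ($file['size'] > MAX_BYTES || !is_uploaded_file($file['tmp_name'])) {
        throw new RuntimeException('rejected: size or origin check failed');
    }

    // Decide the type from the bytes; $file['name'] and $file['type'] are
    // both attacker-controlled and are deliberately not consulted.
    $finfo = new finfo(FILEINFO_MIME_TYPE);
    $mime  = $finfo->file($file['tmp_name']);
    if (!isset(ALLOWED[$mime])) {
        throw new RuntimeException("rejected: unsupported type $mime");
    }
    // getimagesize() must agree that the data parses as that image type.
    $info = @getimagesize($file['tmp_name']);
    if ($info === false || image_type_to_mime_type($info[2]) !== $mime) {
        throw new RuntimeException('rejected: not a valid image');
    }

    // Re-encode through GD: only pixel data is written back, so any PHP code
    // hidden inside the GIF (trailing bytes, comment blocks) is discarded.
    $img = @imagecreatefromstring((string) file_get_contents($file['tmp_name']));
    if ($img === false) {
        throw new RuntimeException('rejected: could not decode image');
    }

    $ext  = ALLOWED[$mime];
    $name = bin2hex(random_bytes(16)) . '.' . $ext;   // random, single extension
    $dest = UPLOAD_DIR . '/' . $name;

    if (!is_dir(UPLOAD_DIR) && !mkdir(UPLOAD_DIR, 0750, true)) {
        imagedestroy($img);
        throw new RuntimeException('cannot create upload directory');
    }
    switch ($ext) {
        case 'gif': $ok = imagegif($img, $dest);       break;
        case 'png': $ok = imagepng($img, $dest);       break;
        default:    $ok = imagejpeg($img, $dest, 90);  break;
    }
    imagedestroy($img);
    if (!$ok) {
        throw new RuntimeException('could not write image');
    }
    chmod($dest, 0640);   // not executable, not world-readable
    return $name;
}

// Usage from a form handler (hypothetical):
// try {
//     $stored = storeImage($_FILES['image']);
// } catch (RuntimeException $e) {
//     http_response_code(400);
//     exit('Bad upload');
// }
```

Two caveats: re-encoding with GD drops GIF animation, which is acceptable for avatars and guild logos but not for every use; and the handler only reduces what reaches the disk, so the upload directory still needs PHP execution disabled at the web server (for Apache with mod_php, `php_admin_flag engine off` inside a `<Directory>` block for that path), since a stray file that does get there must not be runnable.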
 