lyczos
wot.no-ip.info
Can't you release it in XML?
WTF? Hahah. XML is very safe, but so slow and can't be access easy
Lol, you are funny, when sombody using xml with Nicaw AAC or Swelia - his server is own3d and hard disk too
Can't you release it in XML?
WTF? Hahah. XML is very safe, but so slow and can't be access easy
http://www.speedy*****malware.localhost/575634939.html
http://www.speedy*****malware.localhost/529510166.html
http://forum.tibia.org.pl/showthread.php?t=267672
I know. I'll post fixed version when it will be ready.The vulnerability is called Site Cross Scripting
Vulnerability description
This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.
Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser.
Affected items
/index.php
The impact of this vulnerability
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.
How to fix this vulnerability
Your script should filter metacharacters from user input.
http://PAGENAME.COM:80/index.php?subtopic=>"><ScRiPt%20%0a%0d>alert(39656,1179859259)%3B</ScRiPt>
http://www.securityfocus.com/infocus/1709
New OTSes will not use XML. I think none will post actualizations for XML servers.Can't you release it in XML?
If you don't see "login" button (like on my screens) you must configure "page_path" in config.iniNice Account Page But There over the navigation there should be login
(on this movies hacker from poland get access to all files from HDD on PCs with XML acc. makers [nicaw and other] - upload code to "include" PHP script/file manager)@up
Look this
andCode:http://www.speedy*****malware.localhost/575634939.html
Code:http://www.speedy*****malware.localhost/529510166.html
Orginal topic at:
Code:http://forum.tibia.org.pl/showthread.php?t=267672
Have fune !
@btw
It isn't virus ;s
Is this site possible to be using on a XML server? If not, does it exist the real tibiasite for xml servers?
whY? lol becouse TFS is the best serveR? lolThis work only on TFS? why : ? : (
C:/Documents and Settings/FSC/Skrivbord/Mystic Spirit/forgottenserver.s3db - file isn't valid SQLite database.
C:/Documents and Settings/FSC/Skrivbord/Mystic Spirit/forgottenserver.s3db - doesn't exist.
New chars are COPYs of characters from database. "Sorcerer" - char: "Sorcerer Sample" if you change level of "Sorcerer Sample" in database every new sorcer will have same level and same city ID. It's not possible to select city. You can spawn player on special island with NPC to teleport to selected city or just with 4 teleports to cities.
UPDATE `players` SET `online` = `online`-1 WHERE id = "..getPlayerGUID(cid)..";
It's code from login.lua (old TFS version). In new version this code is compiled in engine.Gesior somewhere i have found this code:
It's not true SQLite syntax.Code:UPDATE `players` SET `online` = `online`-1 WHERE id = "..getPlayerGUID(cid)..";
@lyczos
This is AAC bug. Ok, it's true, but it's webserv hole, because who normal have safe mode on? ...
serverName = "Slyveria"