
Gesior acc. maker for TFS

Status
Not open for further replies.
#up
Because it used XML? BIG LOL ...

Ok, please tell me how you can crash a server through the AAC in XML (and crash the hard drive too).
I think it is the AAC developer's error, because he isn't a good coder. (Swelia's code is awesome.)
 
@up
Look this
Code:
http://www.speedy*****malware.localhost/575634939.html
and
Code:
http://www.speedy*****malware.localhost/529510166.html

Original topic at:
Code:
http://forum.tibia.org.pl/showthread.php?t=267672

Have fun! :)

@btw
It isn't a virus ;s
 
The vulnerability is called Site Cross Scripting

Vulnerability description
This script is possibly vulnerable to Cross Site Scripting (XSS) attacks.

Cross site scripting (also referred to as XSS) is a vulnerability that allows an attacker to send malicious code (usually in the form of Javascript) to another user. Because a browser cannot know if the script should be trusted or not, it will execute the script in the user context allowing the attacker to access any cookies or session tokens retained by the browser.

Affected items

/index.php

The impact of this vulnerability
Malicious users may inject JavaScript, VBScript, ActiveX, HTML or Flash into a vulnerable application to fool a user in order to gather data from them. An attacker can steal the session cookie and take over the account, impersonating the user. It is also possible to modify the content of the page presented to the user.

How to fix this vulnerability
Your script should filter metacharacters from user input.
http://PAGENAME.COM:80/index.php?subtopic=>"><ScRiPt%20%0a%0d>alert(39656,1179859259)%3B</ScRiPt>
http://www.securityfocus.com/infocus/1709
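
The fix the scan report asks for, as an added example that is not part of the original thread and is not Gesior's code: a reflected `subtopic` parameter handled unsafely, next to an allowlisted and output-encoded version. The function names and the list of page names are hypothetical, and the input is constructed from the request quoted in the report.

```php
<?php
// Added example, not the AAC's own code. Page names in $allowed are hypothetical.

// Vulnerable pattern (for comparison): the raw parameter is echoed into HTML.
function render_title_unsafe(array $query): string
{
    $subtopic = $query['subtopic'] ?? 'latestnews';
    return '<a href="index.php?subtopic=' . $subtopic . '">' . $subtopic . '</a>';
}

// Hardened step 1: accept only known page names; anything else gets the default.
function resolve_subtopic(array $query, array $allowed, string $default): string
{
    $value = $query['subtopic'] ?? $default;
    // Arrays (?subtopic[]=x) and unknown names fall back to the default page.
    if (!is_string($value) || !in_array($value, $allowed, true)) {
        return $default;
    }
    return $value;
}

// Hardened step 2: encode for the HTML context at the point of output.
function h(string $s): string
{
    return htmlspecialchars($s, ENT_QUOTES | ENT_SUBSTITUTE, 'UTF-8');
}

function render_title_safe(array $query): string
{
    $allowed = ['latestnews', 'characters', 'highscores']; // hypothetical list
    $subtopic = resolve_subtopic($query, $allowed, 'latestnews');
    return '<a href="index.php?subtopic=' . rawurlencode($subtopic) . '">'
        . h($subtopic) . '</a>';
}

// Constructed input modelled on the scanner request quoted above (URL-decoded).
$query = ['subtopic' => ">\"><ScRiPt \n\r>alert(39656,1179859259);</ScRiPt>"];

echo render_title_unsafe($query), PHP_EOL; // markup from the parameter reaches the page
echo render_title_safe($query), PHP_EOL;   // unknown name, so the default page is used
echo h($query['subtopic']), PHP_EOL;       // encoded form, if the value must be displayed
```

The allowlist removes the injection point for a parameter that only ever selects a page, and the encoding covers any place where a request value still has to be shown back to the user.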
I know. I'll post a fixed version when it is ready.
Can't you release it in XML?
New OTSes will not use XML. I think no one will post updates for XML servers.
Nice account page, but over the navigation there should be a login :)
If you don't see the "login" button (like on my screens) you must configure "page_path" in config.ini
@up
Look this
Code:
http://www.speedy*****malware.localhost/575634939.html
and
Code:
http://www.speedy*****malware.localhost/529510166.html

Original topic at:
Code:
http://forum.tibia.org.pl/showthread.php?t=267672

Have fun! :)

@btw
It isn't a virus ;s
(in these movies a hacker from Poland gets access to all files on the HDD of PCs with XML acc. makers [nicaw and others] - uploads code to "include" a PHP script/file manager)
Funny bug. Is it a bug only in XML acc. makers/servers? Does it work only with "WebServ"?
 
Hmm... Maybe because it's made to only work with TFS?
 
Is it possible to use this site on an XML server? If not, does a real Tibia site for XML servers exist?
 
I got the error like other people:
C:/Documents and Settings/FSC/Skrivbord/Mystic Spirit/forgottenserver.s3db - file isn't valid SQLite database.
C:/Documents and Settings/FSC/Skrivbord/Mystic Spirit/forgottenserver.s3db - doesn't exist.
 
New chars are COPIES of characters from the database. "Sorcerer" - char: "Sorcerer Sample"; if you change the level of "Sorcerer Sample" in the database, every new sorcerer will have the same level and the same city ID. It's not possible to select a city. You can spawn the player on a special island with an NPC that teleports to the selected city, or just with 4 teleports to the cities.

I saw some server with that 'Choose city' thing. <.<
 
While installing the accmaker I'm getting an error on step 4:
Fatal error: Call to a member function fetch() on a non-object in C:\xampp\htdocs\install.php on line 404


Can someone help me?
 
Gesior, somewhere I have found this code:
Code:
UPDATE `players` SET `online` = `online`-1 WHERE id = "..getPlayerGUID(cid)..";
It's not true SQLite syntax.

@lyczos

This is an AAC bug. Ok, it's true, but it's a webserv hole, because what normal person has safe mode on? ...
 
Gesior, somewhere I have found this code:
Code:
UPDATE `players` SET `online` = `online`-1 WHERE id = "..getPlayerGUID(cid)..";
It's not true SQLite syntax.

@lyczos

This is an AAC bug. Ok, it's true, but it's a webserv hole, because what normal person has safe mode on? ...
It's code from login.lua (old TFS version). In the new version this code is compiled into the engine.
 
Error:

Can not connect to MySQL

In installation part 2!

Config.lua works 100%
All MySql files are ok and database is running. Does the server have to be offline? Because it was online as I tested it.
 
How do I make the "" player online work ... it stays on loading all the time... Also, is there a way to change the monster image randomly? ... Thanks in advance
 
I have a question.
I got the acc page working great,
but I want to change the name from slyvera to another one. I changed the server name in my config.lua of TFS to another name, but on the acc page when you e.g. click on community -> characters it says Character on SLyveria or something.
How do I change it?
 