
MyAAC v0.8.13

Hello everybody!

There has been an issue discovered recently that can lead to a complete takeover of your server.

If you are using any version of MyAAC starting from 0.8.0 up to 0.8.5 (this issue has been fixed in 0.8.6), read below!!!

If you see on the Plugins page in your Admin Panel that the plugin "Security Patch #2020-06-21-01" has been installed, that means you are safe.

The Fix is available on GitHub, apply as needed: This is the actual security fix · slawkens/myaac@a2a773d (https://github.com/slawkens/myaac/commit/a2a773d714509654d95f6b559c186db29ce1eafb)

I automatically patched over 80 websites using MyAAC. But there still may be some websites under development that don't know about this.
So I am writing this post to make you safe against this vulnerability.
 
Lmao, so it was you. This guy is dangerous xD. From nowhere I found the security log and updated on my site. Cool breakthrough if you didn't add like a patching system or something in MyAAC. Btw, thanks for the fix!
 
Some of my pages stopped working after this commit. The report is that the page is not found, but just my shop page. Do you know how I can fix it?
 
I just started using MyAAC and installed everything fine, but when I create an account the passwords are encrypted in another way than sha1, and in the config.lua I have sha1. I use TFS 0.4. What should I do?
 
Go to your database and remove the salt from the accounts table, then in config.local.php set env to "dev". Then you will need to create the account again and try to log in.

Edit: don't remove the account that has the sample druid and knight characters.
 
The future is here! Let people completely take over your server!
 
I haven't had a look at Znote, no platform or AAC is ever 100% secure.
Znote and MyAAC have had a lot of effort put into them to ensure they are secure (I haven't used other AACs so cannot judge).

No one was aware this issue even existed, and the only person I told was Slaw after I discovered it.
If it hadn't been announced and had been silently patched out in future updates, no one would have even been aware of it (it's been in many versions).
 
maybe send an email to the email in the notice.
It was silently patched because if users were made aware of it they could exploit it on the top websites and take over a server however they deemed fit.
Much better than me saying "HEY EVERYONE JUST SO YOU KNOW IF YOU XYZ YOU CAN TAKE OVER A SERVER".

I think it was handled by Slaw, exactly how it should have been.
 
I was replying to a comment that was removed :/

Makes no sense now.
 
@slaw
I think the part from character creation with the skills isn't working properly:
CreateCharacter.php
PHP:
        for($skill = POT::SKILL_FIRST; $skill <= POT::SKILL_LAST; $skill++)
            $player->setSkill($skill, 10);

Even though my example knight/paladin have 30 shielding, they will always get the skill 10 as set above.
Is it possible to also set the right skills from the example characters?
 
PHP:
$player->setSkill($skill, $char_to_copy->getSkill($skill));

try something like that
 
Is it possible to show only the monsters I have in my spawn-file?
If it's the basic setting, how can I get it back after using this plugin?
 