UOX3.org

Ultima Offline eXperiment 3 forums
https://www.uox3.org:443/forums/

Vulnerability to packet 0x34?

https://www.uox3.org:443/forums/viewtopic.php?f=6&t=1607

Page 1 of 1

Vulnerability to packet 0x34?

Posted: Tue Jun 24, 2008 9:52 am
by Xuri
Are we vulnerable to "sniffing" like described here in the POL forums?
This stops players from using programs like injection to check to see if staff are online. Also logs when a player uses it to check staff or someone that's hidden/really far away.

0x34 GetStatus Packethook.
Unrar and Compile.
About packet 0x34:
Packet Name: Get Player Status

Packet Build: BYTE cmd

BYTE[4] pattern (0xedededed)

BYTE[1] getType

� 0x04 - Basic Stats (Packet 0x11 Return)

� 0x05 = Skills (Packet 0x3A Return)

BYTE[4] playerID

Posted: Tue Jun 24, 2008 5:18 pm
by giwo
Yes, we don't have any checks on the statwindow function, so it would be vulnerable to that type of attack.

I've added some code which should protect from that kind of behavior.
All times are UTC+01:00
Page 1 of 1

Powered by phpBB® Forum Software © phpBB Limited