Vulnerability to packet 0x34?

Want to discuss changes to the UOX3 source code? Got a code-snippet you'd like to post? Anything related to coding/programming goes here!
Post Reply
User avatar
Xuri
Site Admin
Posts: 3704
Joined: Mon Jun 02, 2003 9:11 am
Location: Norway
Has thanked: 48 times
Been thanked: 8 times
Contact:
Contact Xuri

Vulnerability to packet 0x34?

Post by Xuri »

Are we vulnerable to "sniffing" like described here in the POL forums?
This stops players from using programs like injection to check to see if staff are online. Also logs when a player uses it to check staff or someone that's hidden/really far away.

0x34 GetStatus Packethook.
Unrar and Compile.
About packet 0x34:
Packet Name: Get Player Status

Packet Build: BYTE cmd

BYTE[4] pattern (0xedededed)

BYTE[1] getType

� 0x04 - Basic Stats (Packet 0x11 Return)

� 0x05 = Skills (Packet 0x3A Return)

BYTE[4] playerID
-= Ho Eyo He Hum =-
Top
giwo
Developer
Posts: 1780
Joined: Fri Jun 18, 2004 4:17 pm
Location: California
Has thanked: 0
Been thanked: 0

Post by giwo »

Yes, we don't have any checks on the statwindow function, so it would be vulnerable to that type of attack.

I've added some code which should protect from that kind of behavior.
Top
Post Reply

Return to “Coder's Corner”