RuneRebels
General => Suggestions, Compliments, And Questions => Started by: Sin on April 28, 2014, 06:42:27 pm
-
Hi, I'm new here and I was wanting to look on the highscore but I can't seem to find it. Is there a high score for this server? If so, can someone link me it please? Thanks! :)
-
There were highscores since the beginning, but they contained a major flaw, so yeah, they're currently rebuilding the highscores.
-
OK, thanks!
-
There's nothing that can really be done to "rebuild" the highscores though. The major flaw was that someone hacked AGF servers using a MySQL injection a while back, and unless MySQL has fixed this there's really nothing Ryan or anyone can do until MySQL fixes the security issues. And I'm fairly sure they have, as the injection bug has been around for quite some time now.
-
It's not MySQL who has to fix it but Ryan; he's currently working on recoding the whole highscores.
-
Of course it was MySQL's fault. I don't know if you know how they actually hacked it successfully, but it really is extremely simple. A child could do it. It's a problem regarding MySQL and the syntax used to declare strings (a.k.a. = ""). You can basically break the syntax with a login that messes with these strings. That's all Aaron did; it didn't take a genius to figure it out, just a guy who knows how to look up on YouTube "how to hack a website".
Oh, and if you don't believe me, here's a video that backs my claims up: https://www.youtube.com/watch?v=PB7hWlqTSqs. It was and is a legitimate issue, as this caused a ton of sites to get bypassed since the community and user-base behind MySQL is absolutely huge.
-
Problem isn't SQL, it was how he coded it all together. Notice how lots of other servers have highscores that aren't being injected onto because it's fixed. Ryan just needs to fix his code to not allow mock code to pass by.
-
The highscores are being rewritten at the moment. :)
-
I don't understand why everyone wants to see me at the top ::)
-
Well then I suppose it's how you look at it. To me it's a major flaw in SQL syntax even if there are ways of independent developers who use SQL services to get around it. I suppose I was just arguing that the users of SQL services shouldn't be made responsible for such a gaping vulnerability.
-
Well, that's why we should switch to PDO huehue
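-
The string-quoting behaviour discussed in this thread, and the effect of switching to bound parameters, shown side by side. This is an added example, not part of the original thread or the server's code: it uses Python's sqlite3 module in place of MySQL and PDO, and the table, account names and inputs are constructed for illustration.

```python
import sqlite3

def make_db():
    """In-memory stand-in for the login table (constructed data, hypothetical schema).
    Plaintext passwords keep the example short; real code stores a password hash."""
    db = sqlite3.connect(":memory:")
    db.execute("CREATE TABLE users (name TEXT PRIMARY KEY, password TEXT)")
    db.executemany("INSERT INTO users VALUES (?, ?)",
                   [("ryan", "correct-horse"), ("O'Brien", "pw")])
    return db

def login_concat(db, name, password):
    """Vulnerable form: input is pasted between the quotes of a SQL string literal,
    so a quote character in the input ends the literal and the rest is parsed as SQL."""
    sql = ("SELECT name FROM users WHERE name = '" + name +
           "' AND password = '" + password + "'")
    try:
        return db.execute(sql).fetchone() is not None
    except sqlite3.Error:
        return False  # the input produced malformed SQL

def login_bound(db, name, password):
    """Hardened form: the statement text is fixed and the values are bound as
    parameters (the same idea as a PDO prepared statement), so they stay data."""
    sql = "SELECT name FROM users WHERE name = ? AND password = ?"
    return db.execute(sql, (name, password)).fetchone() is not None

# Constructed input containing quote characters, as described in the thread.
CRAFTED = "' OR '1'='1"

def compare():
    """Run the same three logins through both forms; returns {case: (concat, bound)}."""
    db = make_db()
    cases = {
        "correct password": ("ryan", "correct-horse"),
        "crafted password": ("ryan", CRAFTED),
        "apostrophe in name": ("O'Brien", "pw"),
    }
    return {label: (login_concat(db, *args), login_bound(db, *args))
            for label, args in cases.items()}

if __name__ == "__main__":
    for label, (concat, bound) in compare().items():
        print(f"{label:20} concat={concat!s:5} bound={bound}")
```

The concatenated form both accepts the crafted password and rejects a legitimate user whose name contains an apostrophe; the bound form gets both cases right without any change to the database itself.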