Author Topic: Highscores  (Read 5381 times)

Sin

  • Rebel Recruit

  • Offline
  • *

  • 11
    • View Profile
Highscores
« on: April 28, 2014, 06:42:27 pm »
Hi im new here and i was wanting to look on the highscore but i can't seem to find it, is there a high score for this server? if so can someone link me it please. Thanks! :)

Prayer

  • Player Moderator
  • Rebel General

  • Offline
  • *
  • *

  • 1925
    • View Profile
Re: Highscores
« Reply #1 on: April 28, 2014, 07:17:30 pm »
There was highscores since the beggining but they contained a major flaw, so yeah they're currently rebuilding the highscores


Sin

  • Rebel Recruit

  • Offline
  • *

  • 11
    • View Profile
Re: Highscores
« Reply #2 on: April 28, 2014, 07:31:25 pm »
ok thanks!

Recoil

  • Rebel Leader

  • Offline
  • ***
  • *
  • *
  • Power Absolute

  • 117
  • Personal Text
    Surprise, bitch!
    • View Profile
    • My Development Projects
Re: Highscores
« Reply #3 on: April 29, 2014, 10:40:28 pm »
There's nothing that can really be done to "rebuild" the highscores though. The major flaw was that someone hacked AGF servers using a mySQL injection awhile back, and unless mySQL has fixed this there's really nothing Ryan or anyone can do until mySQL fixes the security issues. And I'm fairly sure they have as the injection bug has been around for quite some time now.

Onur

  • Owner & Operator
  • Rebel General

  • Offline
  • *

  • 1283
    • View Profile
Re: Highscores
« Reply #4 on: April 30, 2014, 02:58:53 am »
There's nothing that can really be done to "rebuild" the highscores though. The major flaw was that someone hacked AGF servers using a mySQL injection awhile back, and unless mySQL has fixed this there's really nothing Ryan or anyone can do until mySQL fixes the security issues. And I'm fairly sure they have as the injection bug has been around for quite some time now.
It's not mysql who has to fix it but ryan, he's currently working on recoding the whole highscores

it isnt omar til omar says its omar

Recoil

  • Rebel Leader

  • Offline
  • ***
  • *
  • *
  • Power Absolute

  • 117
  • Personal Text
    Surprise, bitch!
    • View Profile
    • My Development Projects
Re: Highscores
« Reply #5 on: April 30, 2014, 06:39:32 pm »
There's nothing that can really be done to "rebuild" the highscores though. The major flaw was that someone hacked AGF servers using a mySQL injection awhile back, and unless mySQL has fixed this there's really nothing Ryan or anyone can do until mySQL fixes the security issues. And I'm fairly sure they have as the injection bug has been around for quite some time now.
It's not mysql who has to fix it but ryan, he's currently working on recoding the whole highscores
Of course it was mySQL's fault. I don't know if you know how they actually hacked it succesfully, but it really is extremely simple. A child could do it. It's a problem regarding mySQL and the syntax used to declare strings (a.k.a. = ""). You can basically break the syntax with a login that messes with these strings. That's all Aaron did, it didn't take a genius to figure it out, just a guy who knows how to look up on youtube "how to hack a website".

Oh and if you don't believe me here's a video that backs my claims up: https://www.youtube.com/watch?v=PB7hWlqTSqs. It was and is a legitimate issue as this caused a ton of sites to get bypassed since the community and user-base behind mySQL is absolutely huge.

Prayer

  • Player Moderator
  • Rebel General

  • Offline
  • *
  • *

  • 1925
    • View Profile
Re: Highscores
« Reply #6 on: April 30, 2014, 07:49:20 pm »
There's nothing that can really be done to "rebuild" the highscores though. The major flaw was that someone hacked AGF servers using a mySQL injection awhile back, and unless mySQL has fixed this there's really nothing Ryan or anyone can do until mySQL fixes the security issues. And I'm fairly sure they have as the injection bug has been around for quite some time now.
It's not mysql who has to fix it but ryan, he's currently working on recoding the whole highscores
Of course it was mySQL's fault. I don't know if you know how they actually hacked it succesfully, but it really is extremely simple. A child could do it. It's a problem regarding mySQL and the syntax used to declare strings (a.k.a. = ""). You can basically break the syntax with a login that messes with these strings. That's all Aaron did, it didn't take a genius to figure it out, just a guy who knows how to look up on youtube "how to hack a website".

Oh and if you don't believe me here's a video that backs my claims up: https://www.youtube.com/watch?v=PB7hWlqTSqs. It was and is a legitimate issue as this caused a ton of sites to get bypassed since the community and user-base behind mySQL is absolutely huge.

Problem isn't SQL, it was how he coded it all together. Notice how lots of other servers have highscores that aren't being injected onto because it's fixed. Ryan just needs to fix his code to not allow mock code to pass by


Ry60003333

  • Owner & Operator
  • Rebel Captain

  • Offline
  • *

  • 714
    • View Profile
Re: Highscores
« Reply #7 on: April 30, 2014, 08:30:17 pm »
The highscores are being rewritten at the moment. :)

Justin

  • Veteran
  • Rebel Leader

  • Offline
  • *
  • *

  • 212
    • View Profile
Re: Highscores
« Reply #8 on: April 30, 2014, 08:50:28 pm »
The highscores are being rewritten at the moment. :)
I don't understand why everyone wants to see me at the top ::)

Recoil

  • Rebel Leader

  • Offline
  • ***
  • *
  • *
  • Power Absolute

  • 117
  • Personal Text
    Surprise, bitch!
    • View Profile
    • My Development Projects
Re: Highscores
« Reply #9 on: May 01, 2014, 02:22:52 am »
Problem isn't SQL, it was how he coded it all together. Notice how lots of other servers have highscores that aren't being injected onto because it's fixed. Ryan just needs to fix his code to not allow mock code to pass by

Well then I suppose it's how you look at it. To me it's a major flaw in SQL syntax even if there are ways of independent developers who use SQL services to get around it. I suppose I was just arguing that the users of SQL services shouldn't be made responsible for such a gaping vulnerability.

Onur

  • Owner & Operator
  • Rebel General

  • Offline
  • *

  • 1283
    • View Profile
Re: Highscores
« Reply #10 on: May 01, 2014, 02:52:17 am »
Problem isn't SQL, it was how he coded it all together. Notice how lots of other servers have highscores that aren't being injected onto because it's fixed. Ryan just needs to fix his code to not allow mock code to pass by

Well then I suppose it's how you look at it. To me it's a major flaw in SQL syntax even if there are ways of independent developers who use SQL services to get around it. I suppose I was just arguing that the users of SQL services shouldn't be made responsible for such a gaping vulnerability.
Well thats why we should switch to PDO huehue

it isnt omar til omar says its omar