1.0e+236 Again. - Githubissues

Numos59 / darkrp

Automatically exported from code.google.com/p/darkrp

0 stars 2 forks source link

1.0e+236 Again. #694

Open GoogleCodeExporter opened 8 years ago

GoogleCodeExporter commented 8 years ago

What is the problem?
Found a player with 1.0e+236 money in sv.db

What steps will reproduce the problem?
Haven't a clue, but there must be an exploit somewhere

Do you have any errors? serverside or clientside? If you do, which ones?
N/A

Are you using the downloaded version or an SVN revision (if SVN, which
revision number)?
Latest

Please provide any additional information below.

Player Name: |G4G| DksKnight {Dks}
SteamID: STEAM_0:0:32982037
Steam Community URL: http://steamcommunity.com/id/DksKnight/

Found with 1.0e+236 Money in wallet.

(Uses SethHack)

Original issue reported on code.google.com by joshbrea...@gmail.com on 4 Nov 2011 at 2:02

GoogleCodeExporter commented 8 years ago

Pretty much impossible for us to fix without more specific information, no-one 
else has reported anything, are you absolutely sure it's not an admin 
(accidentally?) giving out money?

Original comment by drakehawke@gmail.com on 4 Nov 2011 at 5:43

Changed state: Probably_invalid

GoogleCodeExporter commented 8 years ago

No admin other than me gets access to rp_setmoney (infact the command is 
changed, and locked to my steamid).

I looked within sv.db, and found him, not much more to say.

But there's definately an exploit somewhere.

(Nobody can change their money adminwise except for me)

Original comment by joshbrea...@gmail.com on 4 Nov 2011 at 9:06

GoogleCodeExporter commented 8 years ago

What about setting the print amount of a money printer? Or changing the max 
amount of money printers? Or rp_npckillpay? What about anyone with rcon/ftp 
access? Or (if you use ULX), the ulx ent, ulx rcon and ulx luarun commands?

Or if you're servers been going for a while, are you sure it isn't someone with 
money from a previous exploit that's now been fixed?

Even if there is an exploit, as I said before it's virtually impossible for us 
to fix it without knowing the method used.

Original comment by drakehawke@gmail.com on 4 Nov 2011 at 9:32

GoogleCodeExporter commented 8 years ago

The exploit is with the new refund system Drake.

Original comment by rokro...@gmail.com on 5 Nov 2011 at 9:34

GoogleCodeExporter commented 8 years ago

Original comment by fpeijnen...@gmail.com on 5 Nov 2011 at 11:17

Changed state: Fixed