weeztor / darkrp

Automatically exported from code.google.com/p/darkrp
0 stars 1 forks source link

1.0e+236 Again. #694

Open GoogleCodeExporter opened 9 years ago

GoogleCodeExporter commented 9 years ago
What is the problem?
Found a player with 1.0e+236 money in sv.db

What steps will reproduce the problem?
Haven't a clue, but there must be an exploit somewhere

Do you have any errors? serverside or clientside? If you do, which ones?
N/A

Are you using the downloaded version or an SVN revision (if SVN, which
revision number)?
Latest

Please provide any additional information below.

Player Name: |G4G| DksKnight {Dks}
SteamID: STEAM_0:0:32982037
Steam Community URL: http://steamcommunity.com/id/DksKnight/

Found with 1.0e+236 Money in wallet.

(Uses SethHack)

Original issue reported on code.google.com by joshbrea...@gmail.com on 4 Nov 2011 at 2:02

GoogleCodeExporter commented 9 years ago
Pretty much impossible for us to fix without more specific information, no-one 
else has reported anything, are you absolutely sure it's not an admin 
(accidentally?) giving out money?

Original comment by drakehawke@gmail.com on 4 Nov 2011 at 5:43

GoogleCodeExporter commented 9 years ago
No admin other than me gets access to rp_setmoney (infact the command is 
changed, and locked to my steamid).

I looked within sv.db, and found him, not much more to say.

But there's definately an exploit somewhere.

(Nobody can change their money adminwise except for me)

Original comment by joshbrea...@gmail.com on 4 Nov 2011 at 9:06

GoogleCodeExporter commented 9 years ago
What about setting the print amount of a money printer? Or changing the max 
amount of money printers? Or rp_npckillpay? What about anyone with rcon/ftp 
access? Or (if you use ULX), the ulx ent, ulx rcon and ulx luarun commands?

Or if you're servers been going for a while, are you sure it isn't someone with 
money from a previous exploit that's now been fixed?

Even if there is an exploit, as I said before it's virtually impossible for us 
to fix it without knowing the method used.

Original comment by drakehawke@gmail.com on 4 Nov 2011 at 9:32

GoogleCodeExporter commented 9 years ago
The exploit is with the new refund system Drake.

Original comment by rokro...@gmail.com on 5 Nov 2011 at 9:34

GoogleCodeExporter commented 9 years ago

Original comment by fpeijnen...@gmail.com on 5 Nov 2011 at 11:17