AwakenedLands Forums

(2010.Sep.29 08:02 PM)emocakes Wrote: [ -> ]excuse me tommi, this dickwipe doesnt hunt for exploits. Exploits find me, then i inform the admin of the appropriate action to be taken.

Fairly late. I'm very certain you have said somewhere in the forums you hunt for exploits. I could also hunt for messages saying the same thing.

I'm lazy, though. This idea sounds nice, though. It'll be neat, if it works.

Tommi, im pretty positive that you dont even know what an exploit is. When you are a web developer, and have developer tools installed in your browser (i.e: firebug) exploits do find you.

Heres a simple example. When you attack someone, you have an option to select hospitalise, berzerk, leave, mug. Look at the html code and you will see that each of those options has a value, be it a number or a string. when you click attack, it submits the form, along with those values. generally you can only use values that the server provided you when you clicked the attack page. now if you just submit the form with your own values, that is "exploiting" (provided the form handling code doesnt have safeguards for that, which it didnt before i notified zen, not zens fault, it was err who coded the faulty pages).

Im not sitting here writing little command line apps to SQL inject extra money into my bank account.

Zen is actively working on making it harder for people to cheat this game, if you noticed what the changes she made when she "made it harder to crime with a bot" all that does is obsfucate (big word) the form values so people can't just submit the same old docrime.php?id=43 (lets say that is complex meth lab). the new crime links are like, docrime.php?FXDv8ArHq4jgj3CwS8L2Pe+gSjtkVuDBICixTlC75fd= and they change everytime you load the page.

(2010.Sep.29 08:22 PM)emocakes Wrote: [ -> ]Tommi, im pretty positive that you dont even know what an exploit is. When you are a web developer, and have developer tools installed in your browser (i.e: firebug) exploits do find you.

Heres a simple example. When you attack someone, you have an option to select hospitalise, berzerk, leave, mug. Look at the html code and you will see that each of those options has a value, be it a number or a string. when you click attack, it submits the form, along with those values. generally you can only use values that the server provided you when you clicked the attack page. now if you just submit the form with your own values, that is "exploiting" (provided the form handling code doesnt have safeguards for that, which it didnt before i notified zen, not zens fault, it was err who coded the faulty pages).

Im not sitting here writing little command line apps to SQL inject extra money into my bank account.

Cheating, white liar.

i aint no cheat, i just got more brains than you. You are like the amish, OMG electricity is evil...

btw, who likes backstreet boys?

(2010.Sep.29 08:22 PM)emocakes Wrote: [ -> ]Tommi

That's me.

And you are a cheat.

do you like backstreet boys?

not a cheat necessarily, just stupid enough to donate alot of RL money to this game.

So...When're you going to make another $1,000,000 worth of credits?

(2010.Sep.29 08:35 PM)TommiTheTaco Wrote: [ -> ]So...When're you going to make another $1,000,000 worth of credits?

when the next credit exploit hits me in the face. and it was more than $1,000,000 worth before. i think it was around 40million worth. (hit 0 too many times when testing it)

btw, do you Coco Jamboo?

(2010.Sep.29 08:36 PM)emocakes Wrote: [ -> ]

(2010.Sep.29 08:35 PM)TommiTheTaco Wrote: [ -> ]So...When're you going to make another $1,000,000 worth of credits?

when i find the next credit exploit i'm. and it was more than $1,000,000 worth before. i think it was around 40million worth. (hit 0 too many times when using it for my own benefit)

Cool.

ass bandit