[FIXED] Py Injection Exploit

*Description:

In the Metin2 sources there is a fairly large Exploit that allows Hackers to easily search in memory & compile scripts using the memory address c_pcFileData .

Below we find how to fix

*Download link / Code:

Jaxi said:

*Description:

In the Metin2 sources there is a fairly large Exploit that allows Hackers to easily search in memory & compile scripts using the memory address c_pcFileData .

Below we find how to fix

*Download link / Code:

Open ScriptLib/PythonLauncher.cpp and search for:

bool CPythonLauncher::RunMemoryTextFile(const char* c_szFileName, UINT uFileSize, const VOID* c_pvFileData)

Replace with:

C++:

bool CPythonLauncher::RunMemoryTextFile(const char* c_szFileName, UINT uFileSize, const VOID* c_pvFileData)
{
    const CHAR* c_pcFileData = (const CHAR*)c_pvFileData;
    std::string stConvFileData;
    stConvFileData.reserve(uFileSize);

    for (UINT i = 0; i < uFileSize; ++i)
    {
        if (c_pcFileData[i] != 13)
            stConvFileData += c_pcFileData[i];
    }

    const CHAR* c_pcConvFileData = stConvFileData.c_str();
    PyObject* pCompiledCode = Py_CompileString(c_pcConvFileData, c_szFileName, Py_file_input);//fix
    if (!pCompiledCode)
        return false;
    PyObject* pResult = PyEval_EvalCode((PyCodeObject*)pCompiledCode, m_poDic, m_poDic);
    Py_DECREF(pCompiledCode);//ref c
    if (!pResult)
        return false;

    Py_DECREF(pResult);
    if (Py_FlushLine())
        PyErr_Clear();

    return true;
}

If you have cython:
View attachment 482

Click to expand...

This post is visible to everyone, and will be monitored by forum moderators.

Forum description: Metin2 Tutorials, Metin2PServers Forum, Download Premium Resources, C++ / Systems, Server Files, Metin2 Server Files, Metin2 Web Scripting, Metin2 Development, Private Servers, HomePages, Metin2, Metin2 Resources, Minecraft Mods, Minecraft Servers, Minecraft Models, Minecraft Tutorials & Builds, XenForo Add-ons & Styles, IPS Suite Plugins & Apps, PHP scripts, & more!