The Fate of Account Thieves (Portgas&co)

[BruThoL]

He's at least using mysql_real_escape_string() to sanitize his input as we can learn from this: http://silmaril.biz/checker.php?a[]=azd&p=azd
However, I don't think he separates user input and SQL (by using prepared statements), so there's probably ways for people to SELECT his entire table and perhaps do something with it, maybe output it in an error, I don't usually do these things though.

"http://silmaril.biz/checker.php?a[]=azd&p=azd"
Right, that's the adress i wrote in irc for loftar

But well, since he's probably doing : "insert into accounts (login, pass) values (mysql_real_escape_string($_GET['a']), mysql_real_escape_string($_GET['p']))"
I don't see much what we can do.
It seems pretty well protected against injection.
But we can still insert thousands of rows (I did 25k already) and let them have fun with this.
Btw, since they are entering credentials in a db, it probably means too that there is a web page where you can access all this information.

[xXGhostxX]

Alright, thanks to bruthol/ArvinJA(idk wasn't there the hole time), for those of you who actually still have the jar file, here's how to fix it
http://pastebin.com/ncz22230
Find that piece of code in the source, remove line 43. That removes the GET request. Which removes the factor of sending your info to the database. Re compile the .jar file. And you now have the client. Enjoy

[Britannia]

Might this

be the faggot?
[/url]

lol so that is tough guy? ))

[xXGhostxX]

So, this is his contact information. If your in the area of his address, and want to get some real life revenge on this guy. Have fun(it was posted everywhere anyway. RU forums, IRC these people never plan this out .)
During authorization, the client was breaking on IP 212.59.117.43 (hosting43.io-hosts.ru) and sends disk imaging slightly less kilobytes. IP zaregan on:
person: Vladimir Suntsov
address: 199 178, Saint-Petersburg, Russia, 11 line VO, 64d
phone: +78123317191
E-mail: vladimir@io-hosts.ru
Yes, passwords are gone.

[ewlol]

Right, the best way to handle the situation is to seek real life revenge for completely pretend and non existent items.

good lord what is wrong with haven and hearth.
jorb and loftar might as well just shut it down.

[boshaw]

Right, the best way to handle the situation is to seek real life revenge for completely pretend and non existent items.

good lord what is wrong with haven and hearth.
jorb and loftar might as well just shut it down.

this, some of you are going to far over a video game problem.

Anyway you should always be proceed with caution when dealing with private clients that aren't meant to be public, especially if you don't have source code or if you're to lazy to decompile (in the case of java).

[barracuda546]

Order 20 pizzas to his house! that will teach him a lesson

[Elaes]

Right, the best way to handle the situation is to seek real life revenge for completely pretend and non existent items.

good lord what is wrong with haven and hearth.
jorb and loftar might as well just shut it down.

actually is a moderator job to avoid people to post personal information about others.... and is not like in other games you never see ppl trying to scam/pish/steal account and so on. simply now we see people in rage reacting as dickheads no more no less as was the portgas action to steal acc's. simply many that fit this song no more no less http://www.youtube.com/watch?v=my7sxZ0KfHU

[xXGhostxX]

Right, the best way to handle the situation is to seek real life revenge for completely pretend and non existent items.

good lord what is wrong with haven and hearth.
jorb and loftar might as well just shut it down.

Not actually suggesting they get revenge . Just a joke. They have the liberty to do what they want with this information however. I don't actually reccomend they get real life revenge.

[ArvinJA]

So, this is his contact information. If your in the area of his address, and want to get some real life revenge on this guy. Have fun(it was posted everywhere anyway. RU forums, IRC these people never plan this out .)
During authorization, the client was breaking on IP 212.59.117.43 (hosting43.io-hosts.ru) and sends disk imaging slightly less kilobytes. IP zaregan on:
person: Vladimir Suntsov
address: 199 178, Saint-Petersburg, Russia, 11 line VO, 64d
phone: +78123317191
E-mail: vladimir@io-hosts.ru
Yes, passwords are gone.

Uh, that is just the contact info for his host.