Highscores

Started by Sin, April 28, 2014, 06:42:27 PM


Sin

Hi, I'm new here and I was wanting to look on the highscore but I can't seem to find it. Is there a high score for this server? If so, can someone link me it please? Thanks! :)

Prayer

There were highscores since the beginning but they contained a major flaw, so yeah, they're currently rebuilding the highscores



Sin


Recoil

There's nothing that can really be done to "rebuild" the highscores though. The major flaw was that someone hacked AGF servers using a mySQL injection awhile back, and unless mySQL has fixed this there's really nothing Ryan or anyone can do until mySQL fixes the security issues. And I'm fairly sure they have as the injection bug has been around for quite some time now.

Onur

Quote from: Recoil on April 29, 2014, 10:40:28 PM
There's nothing that can really be done to "rebuild" the highscores though. The major flaw was that someone hacked AGF servers using a mySQL injection awhile back, and unless mySQL has fixed this there's really nothing Ryan or anyone can do until mySQL fixes the security issues. And I'm fairly sure they have as the injection bug has been around for quite some time now.
It's not mysql who has to fix it but ryan, he's currently working on recoding the whole highscores

Quote from: buttplug on July 07, 2014, 05:33:51 PM
it isnt omar til omar says its omar

Recoil

Quote from: Onur on April 30, 2014, 02:58:53 AM
Quote from: Recoil on April 29, 2014, 10:40:28 PM
There's nothing that can really be done to "rebuild" the highscores though. The major flaw was that someone hacked AGF servers using a mySQL injection awhile back, and unless mySQL has fixed this there's really nothing Ryan or anyone can do until mySQL fixes the security issues. And I'm fairly sure they have as the injection bug has been around for quite some time now.
It's not mysql who has to fix it but ryan, he's currently working on recoding the whole highscores
Of course it was mySQL's fault. I don't know if you know how they actually hacked it successfully, but it really is extremely simple. A child could do it. It's a problem regarding mySQL and the syntax used to declare strings (a.k.a. = ""). You can basically break the syntax with a login that messes with these strings. That's all Aaron did, it didn't take a genius to figure it out, just a guy who knows how to look up on youtube "how to hack a website".

Oh and if you don't believe me here's a video that backs my claims up: https://www.youtube.com/watch?v=PB7hWlqTSqs. It was and is a legitimate issue as this caused a ton of sites to get bypassed since the community and user-base behind mySQL is absolutely huge.

Prayer

Quote from: Recoil on April 30, 2014, 06:39:32 PM
Quote from: Onur on April 30, 2014, 02:58:53 AM
Quote from: Recoil on April 29, 2014, 10:40:28 PM
There's nothing that can really be done to "rebuild" the highscores though. The major flaw was that someone hacked AGF servers using a mySQL injection awhile back, and unless mySQL has fixed this there's really nothing Ryan or anyone can do until mySQL fixes the security issues. And I'm fairly sure they have as the injection bug has been around for quite some time now.
It's not mysql who has to fix it but ryan, he's currently working on recoding the whole highscores
Of course it was mySQL's fault. I don't know if you know how they actually hacked it successfully, but it really is extremely simple. A child could do it. It's a problem regarding mySQL and the syntax used to declare strings (a.k.a. = ""). You can basically break the syntax with a login that messes with these strings. That's all Aaron did, it didn't take a genius to figure it out, just a guy who knows how to look up on youtube "how to hack a website".

Oh and if you don't believe me here's a video that backs my claims up: https://www.youtube.com/watch?v=PB7hWlqTSqs. It was and is a legitimate issue as this caused a ton of sites to get bypassed since the community and user-base behind mySQL is absolutely huge.

Problem isn't SQL, it was how he coded it all together. Notice how lots of other servers have highscores that aren't being injected onto because it's fixed. Ryan just needs to fix his code to not allow mock code to pass by



Ry60003333

The highscores are being rewritten at the moment. :)

Justin

Quote from: Ry60003333 on April 30, 2014, 08:30:17 PM
The highscores are being rewritten at the moment. :)
I don't understand why everyone wants to see me at the top ::)

Recoil

Quote from: Prayer on April 30, 2014, 07:49:20 PM
Problem isn't SQL, it was how he coded it all together. Notice how lots of other servers have highscores that aren't being injected onto because it's fixed. Ryan just needs to fix his code to not allow mock code to pass by

Well then I suppose it's how you look at it. To me it's a major flaw in SQL syntax even if there are ways of independent developers who use SQL services to get around it. I suppose I was just arguing that the users of SQL services shouldn't be made responsible for such a gaping vulnerability.

Onur

Quote from: Recoil on May 01, 2014, 02:22:52 AM
Quote from: Prayer on April 30, 2014, 07:49:20 PM
Problem isn't SQL, it was how he coded it all together. Notice how lots of other servers have highscores that aren't being injected onto because it's fixed. Ryan just needs to fix his code to not allow mock code to pass by

Well then I suppose it's how you look at it. To me it's a major flaw in SQL syntax even if there are ways of independent developers who use SQL services to get around it. I suppose I was just arguing that the users of SQL services shouldn't be made responsible for such a gaping vulnerability.
Well that's why we should switch to PDO huehue

Quote from: buttplug on July 07, 2014, 05:33:51 PM
it isnt omar til omar says its omar
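
The string-concatenation flaw debated in this thread, next to the PDO prepared-statement form mentioned in the last reply, as an added example that is not part of the original posts and not the site's own code. The table layout, function names and sample input are hypothetical, and an in-memory SQLite database (requires the pdo_sqlite extension) stands in for MySQL so the script runs offline.

```php
<?php
// Constructed demo data; in-memory SQLite through PDO stands in for MySQL.
$pdo = new PDO('sqlite::memory:');
$pdo->setAttribute(PDO::ATTR_ERRMODE, PDO::ERRMODE_EXCEPTION);
$pdo->exec('CREATE TABLE users (name TEXT PRIMARY KEY, pass_hash TEXT)');
$pdo->prepare('INSERT INTO users VALUES (?, ?)')
    ->execute(['alice', password_hash('s3cret-demo', PASSWORD_DEFAULT)]);

// Before (hypothetical): input is pasted inside the quotes of a SQL string
// literal, so a quote character in $name ends the literal early and the
// remainder of the input is parsed as part of the query.
function find_user_concat(PDO $pdo, string $name) {
    $sql = "SELECT name, pass_hash FROM users WHERE name = '$name'";
    return $pdo->query($sql)->fetch(PDO::FETCH_ASSOC);
}

// After (hypothetical): the statement text is fixed; the value travels as a
// bound parameter and is only ever compared as data, quotes included.
function find_user_prepared(PDO $pdo, string $name) {
    $stmt = $pdo->prepare('SELECT name, pass_hash FROM users WHERE name = ?');
    $stmt->execute([$name]);
    return $stmt->fetch(PDO::FETCH_ASSOC);
}

// Login built on the lookup: the row must exist and the password must verify.
function login(PDO $pdo, callable $finder, string $name, string $pass): bool {
    $row = $finder($pdo, $name);
    return $row !== false && password_verify($pass, $row['pass_hash']);
}

// Constructed input containing quote characters; no user has this name.
$odd = "nobody' OR '1'='1";

// Concatenated query: the WHERE clause is rewritten by the input, so a row
// is returned even though the name does not exist.
var_dump(find_user_concat($pdo, $odd) !== false);

// Prepared query: the whole input is matched as a literal name, no row.
var_dump(find_user_prepared($pdo, $odd) !== false);

// Normal use of the prepared version: valid login, then the odd input.
var_dump(login($pdo, 'find_user_prepared', 'alice', 's3cret-demo'));
var_dump(login($pdo, 'find_user_prepared', $odd, 'x'));
```

Against MySQL the DSN would be a `mysql:` one; setting `PDO::ATTR_EMULATE_PREPARES` to `false` makes the driver use server-side prepared statements instead of emulating them in the client.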