Apr 8
Recently, a vulnerability has emerged that allows players to send a dc (disconnect), like a GM, to players whose character name appears in the game. It is somewhat similar to the Kick Hack of the past. It is extremely easy to close the gap via SQL.
GameSRC > DB > ClientManagerLogin.cpp
Code:
if (FindLogonAccount(r.login))
{
	sys_log(0, "LOGIN_BY_KEY already login %s %lu", r.login, p->dwLoginKey);
	TPacketDGLoginAlready ptog;
	strlcpy(ptog.szLogin, szLogin, sizeof(ptog.szLogin));
	pkPeer->EncodeHeader(HEADER_DG_LOGIN_ALREADY, dwHandle, sizeof(TPacketDGLoginAlready));
	pkPeer->Encode(&ptog, sizeof(TPacketDGLoginAlready));
	return;
}
Search in the function for:
Code:
strlcpy(ptog.szLogin, szLogin, sizeof(ptog.szLogin));
Change to:
Code:
strlcpy(ptog.szLogin, r.login, sizeof(ptog.szLogin));
Note: The topic is quoted from canTolip.
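An added example, not from the original post or the game source: a stand-alone C++ model of the check above, usable as a regression test for the changed line. It assumes szLogin is the login name taken from the request packet and r.login is the account record found through the login key; the key table, the LOGIN_MAX_LEN value and the helpers copy_bounded and login_already_target are made up for the illustration.

```cpp
// Added illustration: a stand-alone model, not the game server's code.
#include <cstddef>
#include <cstdio>
#include <map>
#include <set>
#include <string>

constexpr std::size_t LOGIN_MAX_LEN = 30;   // assumed size for this model

struct TPacketDGLoginAlready { char szLogin[LOGIN_MAX_LEN + 1]; };
struct TAccountTable         { char login[LOGIN_MAX_LEN + 1]; };

// Constructed state: login key -> owning account, plus accounts currently logged on.
static const std::map<unsigned long, std::string> g_keyOwner = { {1001UL, "alice"} };
static const std::set<std::string> g_loggedOn = { "alice", "bob" };

static bool FindLogonAccount(const char* login) { return g_loggedOn.count(login) != 0; }

// Bounded copy that always NUL-terminates (portable stand-in for strlcpy).
static void copy_bounded(char* dst, const char* src, std::size_t size) {
    std::snprintf(dst, size, "%s", src);
}

// Returns the login named in the LOGIN_ALREADY notice, or "" if none is sent.
// use_fix=false copies the request-supplied name (the original line);
// use_fix=true copies r.login, the account the key belongs to (the changed line).
std::string login_already_target(unsigned long key, const char* szLogin, bool use_fix) {
    auto it = g_keyOwner.find(key);
    if (it == g_keyOwner.end()) return "";            // unknown key: no notice
    TAccountTable r{};
    copy_bounded(r.login, it->second.c_str(), sizeof(r.login));
    if (!FindLogonAccount(r.login)) return "";         // owner not logged on
    TPacketDGLoginAlready ptog{};
    copy_bounded(ptog.szLogin, use_fix ? r.login : szLogin, sizeof(ptog.szLogin));
    return ptog.szLogin;
}

int main() {
    // Constructed request: the key belongs to "alice", the packet names "bob".
    std::printf("before: %s\n", login_already_target(1001UL, "bob", false).c_str());
    std::printf("after:  %s\n", login_already_target(1001UL, "bob", true).c_str());
    return 0;
}
```

With the original line the notice names whatever account the request claims; with the changed line it can only name the account the check was made against.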

